[BreachExchange] Patients at Toledo rehab hospital subject to data breach

[Destry Winant]

https://www.toledoblade.com/news/medical/2019/04/10/patients-at-toledo-rehabilitation-hospital-of-northwest-ohio-subject-to-patient-data-breach/stories/20190409141

An undisclosed number of patients at the Rehabilitation Hospital of
Northwest Ohio had their personal data compromised after “unauthorized
access” to employee email accounts in October, hospital officials
said.

Patient data, including names, Social Security numbers, driver’s
license information, dates of birth, and health insurance and patient
care information, was contained in the compromised emails. Patients
were notified of the breach in a letter sent earlier this week.

The hospital, which is on the University of Toledo’s Health Science
Campus but owned by Ernest Health, treats patients recovering from
illness and injuries such as strokes, brain and spinal cord injuries,
and orthopedic injuries.

Officials did not grant an interview request, but said in a subsequent
written statement they will offer a year of free credit monitoring and
identity protection services to people whose Social Security numbers
or driver’s license numbers were included. Hospital officials said
there is no indication the data was misused.

“We deeply regret this incident happened and our hospital is doing
everything possible to support all of our constituents who were
affected by this event,” said division president Jacob Socha, in the
statement.