On March 30, 2024, Ernest Health filed a notice of data breach with the Attorney General of Massachusetts after discovering that an unauthorized party had gained access to the company’s IT network, as well as the IT networks of Ernest Health hospitals. In this notice, Ernest Health explains that the incident resulted in an unauthorized party being able to access patients’ sensitive information, which includes their names, Social Security numbers, driver’s license numbers, addresses, dates of birth, medical record numbers, health insurance plan member IDs, claims data, diagnoses, and prescription information. Upon completing its investigation, Ernest Health began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Ernest Health, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Ernest Health data breach. For more information, please see our recent piece on the topic here.

What Caused the Ernest Health Data Breach?

The Ernest Health data breach was only recently announced, and more information is expected in the near future. However, Ernest Health’s filing with the Attorney General of Massachusetts provides some important information on what led up to the breach. According to this source, on February 1, 2024, Ernest Health was alerted to unusual activity within its computer network. In response, Ernest Health secured its system and then launched an investigation with the help of third-party data security specialists. Ernest Health also notified law enforcement of the incident.

Through its investigation, Ernest Health learned that an unauthorized party gained access to its IT network between January 16, 2024 and February 4, 2024, including files containing confidential patient information.

After learning that sensitive patient data was accessible to an unauthorized party, Ernest Health reviewed the compromised files to determine what information was leaked and which patients were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, driver’s license number, address, date of birth, medical record number, health insurance plan member ID, claims data, diagnoses, and prescription information.

On March 30, 2024, Ernest Health sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

Which Ernst Health Hospitals Were Affected by the Data Breach?

The following hospitals, all owned by Ernest Health, filed nearly identical notices with the Attorney General of Massachusetts:

• Advanced Care Hospital of Southern New Mexico
• Denver Regional Rehabilitation Hospital
• Greenwood Regional Rehabilitation Hospital
• Lafayette Regional Rehabilitation Hospital
• Mountain Valley Regional Rehabilitation Hospital
• Northern Colorado Rehabilitation Hospital
• Northern Idaho Rehabilitation Hospital
• Northern Utah Rehabilitation Hospital
• Rehabilitation Hospital of Southern New Mexico
• Rehabilitation Hospital of the Northwest
• Summa Rehabilitation Hospital
• Trustpoint Rehabilitation Hospital of Lubbock

More Information About Ernest Health

Founded in 2004, Ernest Health is a rehabilitative services company based out of Mesquite, Texas. Ernest Health operates over 35 rehabilitation hospitals throughout the West and Central United States. Ernest Health employs more than 1,368 people and generates approximately $188 million in annual revenue.