Gateway Rehabilitation Center
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Pennsylvania-based Gateway Rehabilitation Center experienced a significant data breach that was discovered on June 13, 2022. The breach impacted the personal and health information of approximately 130,000 individuals. The compromised data included names, dates of birth, Social Security numbers, driver’s license or state ID numbers, financial account and payment card numbers, medical information, and health insurance information.
Timeline and Response
June 13, 2022: Gateway Rehab discovered an incident disrupting access to certain systems
July 8, 2022: Gateway Rehab confirmed that personal and protected health information may have been impacted
September 21, 2022: A comprehensive review process concluded, confirming that sensitive information of current and former patients may have been compromised
November 18, 2022: Notification letters were issued to all potentially impacted individuals, and Gateway Rehab provided resources to assist them
Legal and Regulatory Implications
Gateway Rehab faced a class-action lawsuit alleging failure to prevent the data breach and inadequate cybersecurity measures
The lawsuit claims that Gateway Rehab breached the Health Insurance Portability and Accountability Act (HIPAA) by failing to maintain appropriate safeguards
The breach was reported to the U.S. Department of Health and Human Services, and Gateway Rehab is cooperating with the Federal Bureau of Investigation
Steps Taken by Gateway Rehab
Gateway Rehab took immediate steps to secure its systems upon discovering the incident
Independent digital forensics and incident response experts were engaged to investigate the breach
Measures were implemented to enhance the security of Gateway Rehab’s digital environment to minimize the risk of a similar incident in the future
Gateway Rehab established a toll-free call center to answer questions and address concerns related to the incident