Gateway Rehabilitation Center

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Pennsylvania-based Gateway Rehabilitation Center experienced a significant data breach that was discovered on June 13, 2022. The breach impacted the personal and health information of approximately 130,000 individuals. The compromised data included names, dates of birth, Social Security numbers, driver’s license or state ID numbers, financial account and payment card numbers, medical information, and health insurance information.

Timeline and Response

June 13, 2022: Gateway Rehab discovered an incident disrupting access to certain systems

July 8, 2022: Gateway Rehab confirmed that personal and protected health information may have been impacted

September 21, 2022: A comprehensive review process concluded, confirming that sensitive information of current and former patients may have been compromised

November 18, 2022: Notification letters were issued to all potentially impacted individuals, and Gateway Rehab provided resources to assist them

Legal and Regulatory Implications

Gateway Rehab faced a class-action lawsuit alleging failure to prevent the data breach and inadequate cybersecurity measures

The lawsuit claims that Gateway Rehab breached the Health Insurance Portability and Accountability Act (HIPAA) by failing to maintain appropriate safeguards

The breach was reported to the U.S. Department of Health and Human Services, and Gateway Rehab is cooperating with the Federal Bureau of Investigation

Steps Taken by Gateway Rehab

Gateway Rehab took immediate steps to secure its systems upon discovering the incident

Independent digital forensics and incident response experts were engaged to investigate the breach

Measures were implemented to enhance the security of Gateway Rehab’s digital environment to minimize the risk of a similar incident in the future

Gateway Rehab established a toll-free call center to answer questions and address concerns related to the incident

Breach Submission Date Nov 18, 2022
Converted Entity Name Gateway Rehabilitation Center
Converted Entity Type Healthcare Provider
State PA
Individuals Affected 130,000
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes