Cyberattack Announced by First Street Family Health and Northeast Rehabilitation Hospital Network

First Street Family Health located in Salida, CO has experienced a dangerous cyberattack that led to the exfiltration of files composed of patient data and then erased from its systems. It’s nowadays usual to have this type of attack. Data is stolen, deleted, and then the threat actors sent threats to publish or offer the information for sale in case the victim doesn’t give ransom payment. Nevertheless, files do not get encrypted using ransomware.

First Street Family Health mentioned that it discovered the attack on July 16, 2022. The investigation confirmed that the attackers at first acquired access to its systems on July 5, 2022. The provider stopped the attacker’s access on July 16. Electronic medical records from June 28, 2021 to July 15, 2022 were removed. Even though those files had backup copies, the files were similarly removed hence the information in those records was lost. There was no confirmation received that signifies the stealing of those files. Medical recommendation forms saved on the affected computer systems were probably accessed or obtained, nonetheless, those data were properly recovered from backup copies.

The breached records included: complete names, addresses, telephone numbers, dates of birth, email addresses, dates and nature of services, diagnoses, conditions, laboratory test data, prescription drugs, medical insurance identification cards, and numbers, billing data, and Social Security numbers.

Notification letters had been mailed to impacted persons on August 26, 2022, and free memberships to credit monitoring service by CyberScout were offered. First Street Family Health stated a national cybersecurity agency helped with the investigation and performed a security assessment, and more security steps are being put in place according to the firm’s instructions.

The breach is not yet published on the HHS’ Office for Civil Rights breach website, therefore it is presently unknown how many people were affected.

Northeast Rehabilitation Hospital Network Tells Patients About Cyberattack in 2021

Northeast Rehabilitation Hospital Network (NRHN) based in Salem, NH has begun informing patients regarding the likely access of unauthorized persons to its computer network and sensitive information might have been stolen. The data breach was noticed on September 30, 2021 because of the odd activity inside its system. The succeeding investigation affirmed the compromise of its systems between September 30, 2021 and October 5, 2021.

NRHN mentioned the delay in providing notifications to impacted persons was because of the labor-intensive procedure of examining all affected data on its network, and that process wasn’t done until August 3, 2022. Right now, notification letters are being delivered and people will be advised in those letters concerning the types of data that were impacted. NRHN stated it does not know of any attempted or actual patient data misuse and that it provided credit monitoring and identity theft protection services to affected individuals.

At this time, the specific number of impacted persons is still not sure.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on twitter at