The officials at Rebound Orthopedics & Neurosurgery stated that they’ve fallen victim to a major data theft that exposed its customers’ personal data, including Social Security numbers and limited health information. The Vancouver-based diagnosis and treatment services company stated around 2,800 of its patients and employees may have been affected by the incident.
As per the official statement, on May 22, 2018, an unknown perpetrator allegedly obtained unauthorized admission to an employee’s email account. The suspicious activity was immediately discovered and halted after Rebound alerted its security department. On Aug. 8, 2018, Rebound’s computer forensic investigation declared that patients’ name, date of birth, Social Security number, driver’s license number, financial account information, and limited health information may have been compromised in the incident.
“Although at this time there is no evidence of any attempted or actual misuse of anyone’s information as a result of this incident, Rebound has sent notification letters to the potentially impacted individuals to notify them of this incident and to provide resources to assist them,” the company said in a statement.
Rebound Executive Director John Bauman said the company believes the attack occurred due to a phishing email with attachment received by one of its employees. The employee downloaded the email attachment that released a malware and resulted in a data breach, Bauman said.
The company is notifying the affected individuals via emails on how to monitor and protect their personal data and has also established a call center to address the issues about the incident. Rebound stated that it’s offering free identity theft protection and credit monitoring services through cybersecurity company Kroll.
“The privacy and protection of personal information is a top priority for Rebound, which sincerely regrets any concern or inconvenience that this matter may cause,” Rebound said.