RAINBOW REHABILITATION NOTIFIES CERTAIN INDIVIDUALS OF DATA COMPROMISE
Livonia, Michigan – Today, Rainbow Rehabilitation Centers, Inc. (“Rainbow”) notified potentially affected individuals that their personal information may have been compromised during a recent security incident. Rainbow provides care and therapeutic rehabilitation services for individuals with brain and spinal cord injuries from its treatment centers and residences located throughout southeastern Michigan.
On December 22, 2020, Rainbow discovered that information related to its employee group health plans as well as limited number of its patients’ protected health information (“PHI”) was potentially exposed to a third party following a cybersecurity incident (the “Incident”). The Incident involved a single email account. Immediately upon discovery of the Incident, Rainbow engaged its cybersecurity team and independent forensic consultants to investigate and contain the Incident. Since discovering the Incident, Rainbow has worked diligently to identify the individuals and information affected by the Incident.
The information that was potentially accessed during the Incident varies and, depending upon the individual affected, may include an individual’s name, social security number, driver’s license number, appointment scheduling notes, as well as medical plan and benefits enrollment information. At this time, there is no indication that the personal information of any group health plan beneficiary or Rainbow patient has been used inappropriately by an unauthorized individual and Rainbow has implemented new security protocols to reduce the likelihood of a similar event occurring in the future.
Rainbow has issued letters to all individuals identified as potentially affected, notifying them of the data compromised, the steps Rainbow has taken to correct the issue, and what cautionary steps individuals may wish to take. For those individuals whose social security number were involved, Rainbow has offered a one-year credit monitoring service at no cost through IDX, the data breach and recovery services expert. An eligible individual wishing to activate the complimentary credit monitoring service should follow the instructions found on the notice letter he or she will receive from Rainbow.
Anyone concerned that the privacy of their information may have been affected should call 833-726-0946. Individuals can also monitor their credit reports through the three credit bureaus. Under federal law, an individual is entitled every 12 months to one free copy of his or her credit report from each of the three major credit reporting companies. To obtain a free annual credit report, go to www.annualcreditreport.com or call 1-877-322-8228.