Livonia, Michigan – Today, Rainbow Rehabilitation Centers, Inc. (“Rainbow”) notified  potentially affected individuals that their personal information may have been compromised during a recent security incident. Rainbow provides care and therapeutic rehabilitation services  for individuals with brain and spinal cord injuries from its treatment centers and residences  located throughout southeastern Michigan.  

On December 22, 2020, Rainbow discovered that information related to its employee  group health plans as well as limited number of its patients’ protected health information (“PHI”)  was potentially exposed to a third party following a cybersecurity incident (the “Incident”). The  Incident involved a single email account. Immediately upon discovery of the Incident, Rainbow engaged its cybersecurity team and independent forensic consultants to investigate and contain  the Incident. Since discovering the Incident, Rainbow has worked diligently to identify the  individuals and information affected by the Incident.  

The information that was potentially accessed during the Incident varies and, depending  upon the individual affected, may include an individual’s name, social security number, driver’s  license number, appointment scheduling notes, as well as medical plan and benefits enrollment  information. At this time, there is no indication that the personal information of any group health  plan beneficiary or Rainbow patient has been used inappropriately by an unauthorized individual and Rainbow has implemented new security protocols to reduce the likelihood of a similar event  occurring in the future. 

Rainbow has issued letters to all individuals identified as potentially affected, notifying  them of the data compromised, the steps Rainbow has taken to correct the issue, and what  cautionary steps individuals may wish to take. For those individuals whose social security  number were involved, Rainbow has offered a one-year credit monitoring service at no cost  through IDX, the data breach and recovery services expert. An eligible individual wishing to  activate the complimentary credit monitoring service should follow the instructions found on the  notice letter he or she will receive from Rainbow.  

Anyone concerned that the privacy of their information may have been affected should  call 833-726-0946. Individuals can also monitor their credit reports through the three credit bureaus. Under federal law, an individual is entitled every 12 months to one free copy of his or  her credit report from each of the three major credit reporting companies. To obtain a free  annual credit report, go to www.annualcreditreport.com or call 1-877-322-8228.