On March 7, Vancouver, Wash.-based Rebound Orthopedics & Neurosurgery filed a notice of a data breach with the attorney general of Montana, according to a March 12 report from law firm Console & Associates published on JDSupra.
On Feb. 5, all of Rebound's external computer systems went offline, including all patient and scheduling portals. Over two weeks later, all systems remained down, leaving patients unable to call the practice, schedule future appointments or access online portals. At that time, the system had yet to confirm whether or not the outage was the result of a cyberattack.
In its notice, Rebound explained that the incident resulted in an unauthorized party being able to access consumers' sensitive information, and upon completing an investigation, the practice began sending out data breach notification letters to all individuals whose information was affected by the incident.
Rebound Orthopedics' investigation confirmed that an unauthorized party was able to access the company's IT network on Feb. 2, according to the report. It was also determined that the unauthorized party accessed and stole confidential patient information stored on Rebound Orthopedics' computer network.
The practice then reviewed compromised files to determine what information was leaked and what patients were affected. The publicly available data breach letter did not mention what specific data types were leaked.