DECATUR, Ill. (WAND) – Ivy Rehab, which has locations in Decatur, Clinton, and Bloomington, announced a data security breech.
There may have been unauthorized access to patient information.
Ivy Rehab said there is no evidence of any attempted or misuse of patient information.
Any patient whose information may have been accessed is being notified.
In May of 2019, Ivy Rehab found evidence to suggest a limited number of employee email accounts may have been inappropriately accessed.
They notified their information technology team. The team found additional evidence that certain employee email accounts were accessed by unknown unauthorized parties. Ivy Rehab also had a forensic firm investigate the nature and extent of the unauthorized access to their email system. The investigation identified certain employee email accounts that were potentially accessed by unauthorized parties as a result of a presumed phishing campaign targeting employees.
On September 26, 2019, after searching the contents of the affected email accounts, they discovered the accessed email accounts may have contained patient information about some current and former patients including patients’ first and last names in combination with one or more of the following attributes: protected health information, Social Security numbers, and financial account information.
Ivy Rehab is offering complimentary identity theft restoration and credit monitoring services through Equifax to help protect any impacted current and/or former patients for a certain period of time.
If you think your information may be at risk, call (833) 935-1376 Monday through Friday, 8:00 am to 8:00 p.m. Central Time.