Navesink Rehab confirms data breach exposed protected health information following ransomware attack

On June 2, 2025, Navesink Rehab, a multidisciplinary rehabilitation center in Red Bank, New Jersey, discovered a data security incident affecting certain systems within its network environment.

The breach was linked to a ransomware attack orchestrated by the BLACKLOCK group, who claimed responsibility on their dark web site just one day later, on June 3. BLACKLOCK stated they had exfiltrated sensitive data and threatened to publish it within a week if their demands were not met.

According to the notice of data security incident from Navesink Rehab, the information potentially exposed in this incident includes both personally identifiable information (PII) and protected health information (PHI): individual names, insurance information, diagnostic and clinical notes, and dates of birth.

This combination of data is particularly sensitive, as it can be used for identity theft, insurance fraud, and medical identity theft. While Navesink Rehab has not specified the exact number of affected individuals, the breach encompasses both patients and staff.

Navesink Rehab's response

To support those affected, Navesink Rehab has provided detailed guidance on steps individuals can take to protect themselves from identity theft and fraud. These recommendations include:

• Placing a fraud alert on credit files with the three major credit bureaus
• Considering a security freeze on credit reports to prevent unauthorized access
• Obtaining free annual credit reports and monitoring them for suspicious activity
• Reviewing insurance statements and explanation of benefits for unfamiliar charges or services
• Contacting insurance providers for a full year-to-date report of services paid
• Remaining vigilant in checking financial account statements and credit reports

Additionally, the company has set up a toll-free hotline at 1-888-530-7735 for questions regarding the incident.

Given the ransomware nature of this breach and the involvement of a known cybercriminal group, it is especially important for affected individuals to take these precautions seriously. Even though there is no current evidence of misuse, the exposure of both PII and PHI means the risk of future identity theft or fraud remains elevated.