Pacific Rehabilitation Centers Data Breach Exposes PHI & PII

Published

March 3, 2025

Updated

March 5, 2025

Pacific Rehabilitation Centers

Types of INFORMATION affected

Names
Social Security Numbers
Dates of Birth
Addresses
Government IDs
Medical Info
Financial Info

On December 30, 2024, Pacific Rehabilitation Centers experienced a significant data breach. An employee discovered a ransomware notice on their computer, prompting immediate action from the company's IT staff.

They swiftly took the servers offline to protect the stored data. While the forensic investigation is still ongoing, it has been confirmed that data on the servers was encrypted. However, it remains unclear if any unauthorized access or exportation of data occurred.

The breach affected approximately 18,900 individuals in the United States.

The compromised information includes a wide range of sensitive data. Personally identifiable information includes names, addresses, social security numbers, dates of brith, and government ID numbers. Protected health information exposed includes information such as diagnosis ande treatment information.

Pacific Rehabilitation Centers's Response

In response to the breach, Pacific Rehabilitation Centers took their servers offline for forensic analysis and transitioned to secure alternative systems within 24 hours to ensure uninterrupted patient care. They have implemented enhanced security measures across all company devices. The executive team is actively working with forensic IT personnel and is leading the transition to an upgraded electronic health record system.

For those potentially affected by the breach, the company recommends placing a free fraud alert on your credit file.

You can contact any of the three major credit bureaus to do so:

Equifax: Equifax Credit Report Services or call 1-800-685-1111
Experian: Experian Help or call 1-888-397-3742
TransUnion: TransUnion Credit Help or call 1-888-909-8872

Additionally, you can request a free credit report from each bureau to check for unauthorized accounts or inquiries. Report any suspicious activity to the FTC at IdentityTheft.gov.

For further questions, Pacific Rehabilitation Centers has set up an Incident Hotline at 206-635-4401, available from 9 am to 1 pm, Pacific Time. They will provide follow-up notices if new relevant information is obtained.

For more information about the data breach, visit their Notice of Data Security Incident.

Protect Your Data

A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.

This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.