Small Michigan Physical Therapy Practice Reports Loss of Patient Data Due to Cyberattack
Complete Care Rehab, a small physical therapy practice in East Pointe, Michigan, has been targeted by cybercriminals who gained access to its network and potentially viewed or acquired patient information. Suspicious activity was identified within its IT environment on or around May 11, 2025. Third-party cybersecurity experts were engaged to investigate the activity, and the forensic investigation confirmed that patient data was exposed and potentially stolen, including names, phone numbers, addresses, email addresses, dates of birth, diagnoses, treatment information, dates of service, and health insurance information may have been compromised. For a limited number of patients, Social Security numbers were also involved.
It is unclear from the substitute data breach notice whether ransomware was used in the attack. Data had to be restored from backups, but the restoration process failed, and all patient information was lost. Since it was not possible to determine exactly which patients were affected, the decision was taken to send notification letters to all 4,764 current and former patients.
Notification letters were mailed to the affected individuals on July 2, 2025. Complete Care Rehab said it is reviewing and enhancing its existing policies and procedures related to data privacy and security to prevent similar incidents in the future. The incident demonstrates the importance of testing backups to ensure that file recovery is possible.
Susan B. Allen Memorial Hospital Investigating Potential Cyberattack
Susan B. Allen Memorial Hospital in El Dorado, Kansas, is investigating a cybersecurity incident after receiving complaints from patients who were unable to access its online appointment scheduling system. The investigation identified anomalous activity within its network, which resulted in a system outage. Third-party cybersecurity experts have been engaged to assist with the investigation and support its recovery efforts. At such an early stage of the investigation, it has yet to be determined if patient information has been exposed or stolen. A spokesperson for the hospital confirmed that patients will be notified if their data has been exposed or stolen.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Update: Susan B. Allen Memorial Hospital has confirmed in a notification to the HHS’ Office for Civil Rights that the protected health information of up to 12,097 individuals was compromised in the incident.
