Vancouver’s Rebound Orthopedics & Neurosurgery confirms systems hack

Rebound Orthopedics & Neurosurgery confirmed its computer systems were compromised in early February, according to a statement posted on its website.

The confirmation came more than a month after the company first announced that external systems were shut down Feb. 5.

Patients can now make new appointments and access records, and all locations are fulfilling scheduled appointments, according to Rebound’s website.

“On Feb. 3, 2024, Rebound discovered that our computer systems had been compromised. We are pleased to report that we have completed our work restoring these systems, and we are fully operational,” its website stated as of Wednesday.

“We assure you that the privacy and security of all information entrusted to us is one of our top priorities. Our investigation into the impact of the incident remains ongoing, and we will promptly notify any patients whose personal information may have been inappropriately accessed and/or acquired by an unauthorized party in connection with the incident.”

A Rebound employee hung up the phone Wednesday morning when The Columbian reached out for further comment.

During the shutdown, one Rebound patient, who did not want to be named due to health privacy reasons, told The Columbian she had been unable to reach the company for weeks prior, which delayed her short-term disability checks.

Rebound has 11 locations across Southwest Washington and Portland. Each clinic specializes in different services, including orthopedics, neurosurgery, physical therapy and hand therapy. The company also serves as team physicians for the Portland Trail Blazers and the Portland Winterhawks.

In October 2018, Rebound announced it experienced a data breach five months earlier that may have revealed personal health information. About 2,800 patients were potentially affected by the breach. Rebound said the delay in alerting patients was due to the amount of work computer forensic contractors needed to assess the extent of the breach.

Cyber incidents in health care are on the rise, according to the U.S. Department of Health and Human Services. From 2018 to 2022, there was a 93 percent increase in large breaches reported to the Office for Civil Rights, along with a 278 percent increase in large breaches involving ransomware.

In the past, cyber incidents affecting hospitals and health systems have led to disruptions in care and scheduling, delayed medical procedures and posed a risk to patient health information, according to the Department of Health and Human Services.

“Unfortunately, we are living in a time where cyber attacks from malicious insiders are not uncommon. Now more than ever, the risks to patient protected health information cannot be overlooked and must be addressed swiftly and diligently,” Office for Civil Rights Director Melanie Fontes Rainer said in a recent news release in an unrelated cybersecurity investigation. “Cyber attacks do not discriminate based on organization size or stature, and it’s incumbent that our health care system follows the law to protect patient records.”

On Dec. 6, the Department of Health and Human Services released a plan that outlines its cybersecurity strategy for the health care sector, including publishing health care-specific cybersecurity goals, working with Congress to develop support for hospitals to improve cybersecurity and increasing accountability within the health care sector.