Cyber Incident Victim: Rebound Orthopedics & Neurosurgery

On May 22, 2018, Rebound Orthopedics & Neurosurgery, a Vancouver-based provider of diagnosis and treatment services, experienced a data breach involving unauthorized access to an employee’s email account. The intrusion was perpetrated by an unknown actor, compromising sensitive personal information belonging to patients and employees. The exposed data included Social Security numbers and limited health information, though the specific medical details affected were not disclosed. Approximately 2,800 individuals were impacted by the incident, though the company did not clarify the proportion of patients versus employees affected. Rebound Orthopedics publicly confirmed the breach months later, with reporting by CISOMAG emerging on October 9, 2018. The organization did not disclose how the email account compromise was detected or whether multi-factor authentication was in use at the time. No further technical details regarding the attack vector, such as phishing or credential theft, were provided in the available statements.

The breach exposed victims to potential identity theft and fraud due to the theft of Social Security numbers, which are highly sensitive identifiers. Health information exposure also carried inherent privacy risks, though the scope of medical data involved remained unspecified. Rebound Orthopedics did not publicly outline specific remediation steps offered to affected individuals, such as credit monitoring services. The company’s official statement acknowledged the incident but omitted details about containment actions, forensic investigations, or coordination with law enforcement. The four-month gap between the breach discovery and public reporting raised questions about internal response timelines, though no regulatory penalties or legal consequences were cited in the source material.