Strauss Borrelli PLLC, a leading data breach law firm, is investigating the Select Medical Holdings Corporation (“Select Medical”) regarding its recent data breach. The Select Medical data breach involved sensitive personal identifiable information and protected health information.
ABOUT SELECT MEDICAL HOLDINGS CORPORATION:
Select Medical is a healthcare company which specializes in critical illness recovery, inpatient medical rehabilitation, and outpatient rehabilitation services. Beginning as a regional provider of outpatient rehabilitation, Select Medical grew significantly in size after purchasing NovaCare Physical Rehabilitation Center in 1999.2 Headquartered in Mechanicsburg, Pennsylvania, Select Medical now operates hospitals and rehabilitation clinics across 40 states.3
WHAT HAPPENED?
Recently, Select Medical reported to the Attorney General of Vermont that the sensitive personal identifiable information in its care may have been compromised. According to the breach notice, on July 11, 2024, Select Medical’s third-party vendor, Nationwide Recovery Service (“NRS”), discovered suspicious activity related to certain computer systems which resulted in a network outage.1 As a result, NRS launched an investigation to determine the nature of the incident.
Through its investigation, NRS confirmed that sensitive personal information in its systems belonging to Select Medical patients may have been viewed and obtained by an unauthorized third party between July 5 and July 11, 2024. As a result, NRS began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. On April 9th, 2025, NRS provided Select Medical with a list of patients whose information may have been impacted. On June 6th, 2025, Select Medical began notifying these individuals.3 While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number
- Addresses
- Date of birth
- Patient account numbers
- Provider names
As a result of the breach, Select Medicale. Additionally, on June 6, 2025, Select Medical began mailing data breach notification letters to impacted individuals. According to its website notice, Select Medical is providing individuals whose Social Security numbers may have been involved with complimentary credit monitoring and identity theft protection services. The links to the form breach notification letters that Select Medical filed with the Attorney General of Vermont and posted on its website are below.
If you are a current or former patient of, or have received a breach notification letter from, Select Medical Holdings Corporation:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
