By HFT Staff

In August 2025, First Rehabilitation Resources (FRR) became aware of suspicious activity on its email system. FRR promptly took action to contain the identified malicious activity, including shutting down the email system and related IT services, and migrating all users to another email service. FRR also worked with cybersecurity experts to confirm that the unauthorized party no longer has access to its systems and that there is no ongoing threat to the security of personal data maintained by FRR.  

Based on its data impact investigation, the data impacted by the breach may have included personal information such as the patient’s name, date of birth, Social Security Number, driver’s license number, government ID number, and medical information or health insurance information. Please note that at this time, FRR has no evidence that any information has been misused by the malicious actor.  

FRR acted quickly to contain the incident and took steps to make sure a similar incident did not happen again. Specifically:  

• Migrated email system: FRR shut down the affected email system and migrated all FRR user accounts to Leidos’ core email platform, which is hosted in a highly secure environment with government-grade security.  
• Upgraded all equipment: All FRR employees were provided with new, secure Leidos-managed laptops and mobile phones.  

With these changes and additional security checks, FRR is confident that its systems are secure and that there is no ongoing risk to patients’ personal information.