The federal government is putting senior living and other healthcare providers on the alert for cyberattacks, sharing that an assisted living community has been among those affected by a ransomware group’s campaign.

Along with the unnamed assisted living community, a dental firm, a healthcare provider and a hospital have been among the providers targeted in cyberattacks by the Karakurt ransomware group in the past three months, according to the Health Sector Cybersecurity Coordination Center, or HC3, of the US Department of Health and Human Services.

An earlier alert from HC3 noted that Karakurt emerged late last year and likely is tied to the Conti ransomware group, which has successfully attacked more than 16 healthcare providers since early 2021. 

According to the latest alert, issued last week, Karakurt actors claim to steal data, then threaten to auction them off or release them to the public unless ransom demands ranging from $25,000 to $13 million in Bitcoin are met. The alert notes that Karakurt typically conducts reconnaissance of its targets for two months before making a threat, accessing files containing names, addresses, Social Security numbers, dates of birth, medical and treatment information, and health insurance information. 

Cyberattack victims have reported “extensive harassment” campaigns, in which employees, business partners and clients receive a series of emails and phone calls warning them to encourage the providers to negotiate to prevent the release of their personal information. 

Karakurt reportedly obtains access to this information through exploited vulnerabilities, phishing and spear phishing, malicious email attachments, stolen credentials, and outdated firewalls and servers.


HC3 recommended that companies apply appropriate cybersecurity practices to defend their infrastructure and data from attacks. 

Among the center’s recommendations for companies are to maintain multiple copies of sensitive or proprietary data and servers in a separate location, segment networks and keep offline backups of data, regularly back up data, update antivirus software and firmware, and enforce multi-factor authentication for logins.

Senior living providers have been the victims of cyberattacks in the past. Recently, Wilsonville, OR-based Avamere Health Services experienced a computer network breach affecting the personal information of its employees and affiliated entities and currently is facing a related lawsuit. Last fall, Cincinnati-based Episcopal Retirement Services announced that it was implementing additional safeguards to its existing cybersecurity infrastructure and enhancing training after experiencing two ransomware attacks.

Other senior living companies affected by breaches have included American Senior Communities, Elmcroft Senior Living and Watermark Retirement Communities. Operators also have been affected through relationships with staffing companies, software companies and insurers.

A Verizon Business 2022 Data Breach Investigations Report found that in general, cyber threats are on the rise. Recent ransomware attacks increased 13% year over year, a rate that is higher than the past five years combined. The report also found that external actors are four times more likely to cause breaches in an organization than are internal actors.