Computer code and text displayed on computer screens. Photographer: Chris Ratcliffe/Bloomberg
(Credit: Chris Ratcliffe / Bloomberg Creative / Getty Images)

A New Jersey continuing care retirement community is calling a potential data breach of resident information an “isolated incident” and is using it as an opportunity to educate staff members and beef up its technical safeguards.

Nov. 19, Lantern Hill, an Erickson Senior Living-mananged CCRC in New Providence, NJ, learned that a former employee — using the credentials of a co-worker — had accessed the community’s communications portal the previous day and had posted an “inappropriate” message to residents.

Jeffrey Getek, a Lantern Hill spokesman, told McKnight’s Senior Living that the community information technology team immediately removed the message and confirmed that the person who had posted it no longer had access to the system.

The community “thoroughly investigated” the incident and reported it to the federal Office of Civil Rights as a Health Insurance Portability and Accountability Act violation. That investigation revealed that the co-worker had shared credentials with the former employee. That staff member was “counseled and disciplined.”

“Although we do not believe resident information was accessed during this time, data such as names, telephone numbers and community addresses are contained within the portal and were potentially available to be viewed,” Getek said, adding that no Social Security number, financial information or medical data are stored within the system.

“We are keenly aware of how important personal information is to residents, and accordingly, a detailed communication was sent to them,” Getek said, adding that Lantern Hill has received no reports from any of its 528 residents that their personal information was used by the unauthorized individual.

In addition to its annual compliance training, Lantern Hill re-educated employees about private safeguards and is working to identify additional technical safeguards. 

The healthcare industry leads the list of industries as the most breached sector, with some of the weakest passwords, according to a study from password manager NordPass. The cost of security breaches was $4.24 million in 2021, with compromised passwords accounting for 20% of all breaches.