System hacked image

Tucson, AZ-based Watermark Retirement Communities is the latest victim of a data security breach, in this case one that may have compromised the personal information of 208 residents and others.

The company sent out a notice on Wednesday that it became aware of a “cyber intrusion” in September. The senior living operator hired an outside cyber forensic firm to investigate the incident and determine what information may have been accessed in the breach.

That investigation, along with a detailed records search, determined in late December that the names, addresses and phone numbers of 192 residents and 16 others may have been accessed, a Watermark spokesperson told McKnight’s Senior Living. The breach potentially affected Watermark communities in 10 states: Arizona, California, Florida, Michigan, New Jersey, New Mexico, Ohio, Pennsylvania, Texas and Washington.

Watermark, the 11th-largest senior living operator in 2020 according to the American Seniors Housing Association and 13th-largest senior living provider according to Argentum, manages 64 retirement communities across 21 states with more than 6,000 employees and more than 11,500 beds.

Company officials sent notifications to potentially affected individuals to inform them of the incident and to offer complimentary credit monitoring services. The company also established a toll-free call center to answer questions about the incident and to help potentially affected individuals enroll in credit monitoring services.

Watermark said it is not aware of the misuse of any information at this point.

“Watermark deeply regrets any concern or inconvenience this issue may have caused and is taking affirmative steps based on the findings of the investigation to prevent a similar event from occurring in the future, including working with leading cybersecurity experts to enhance the security of its digital environment,” the company said in a statement.

Earlier this month, the Department of Justice announced a coordinated international law enforcement action against hackers who defrauded a senior living provider, among other victims, of more than $27 million.

Last summer, Lorien Health Services was the victim of a data breach that exposed the personal information of almost 50,000 residents, and Choice Health Management Services had an email data breach that affected an undisclosed number of residents, employees and third parties associated with its communities.

In 2019, a data breach at Tenx Systems, doing business as ResiDex Software, which provides software for assisted living communities and other organizations, affected almost 60 facilities or companies in four states. In 2018, Elmcroft Senior Living was the victim of a data breach, and in 2017, American Senior Communities said that more than 17,000 people could have been affected by data breach that began with an email phishing scheme.