Hawaii SNF reports data breach of 20,000 records

A skilled nursing facility on the Hawaiian island of Oahu is among the latest victims in a string of data breaches reported by healthcare companies in the past year. 

As McKnight’s previously reported, 322 healthcare organizations suffered data breaches in 2022 — the third year in a row the industry led all others in the number of data compromises.

Aloha Nursing Rehab Centre in Kaneohe, HI, notified 20,016 residents last month of a data breach that occurred in early July. According to the notification, the SNF discovered the breach in late December “after an extensive forensic investigation and manual document review.” Accessed files contained personal information for a limited number of individuals. Breached information contained full names, dates of birth, Social Security numbers, financial account information, driver’s license or state identification numbers, medical record and/or resident/patient account numbers, health information and health insurance information, according to the facility.

Aloha Nursing Rehab Centre said there is no evidence that any personal information has been or will be misused as a direct result of this incident. “However, out of abundance of caution, commencing on February 24, 2023 Aloha Rehab Nursing Centre notified individuals whose information may have been included in the files accessed by the unauthorized party,” the administrators wrote.

A New Jersey continuing care retirement community is calling a potential data breach of resident information in January an “isolated incident” and is using it as an opportunity to educate staff members and beef up its technical safeguards.

There is no evidence that the hackers demanded ransom from Aloha Nursing Rehab Centre. However, healthcare and public health agencies were the most-attacked sectors for ransomware last year, according to the Federal Bureau of Investigation. 

The volume of cyberattacks has remained constant in recent years, according to BankInfoSecurity, but ransom payments have declined. For example, when cybercriminal syndicate Hive hit Consulate Healthcare in January, potentially exposing a significant amount of resident, patient and staff data, the nursing home chain refused to pay the ransom.

“They will not be rewarded for their actions,” the company said in a statement at the time. “We have been able to fully recover our systems without capitulating to extortion demands.”