A Connecticut senior living and care provider is warning that a data security breach potentially affected assisted living residents as well as rehabilitation patients in three locations.
Atlas Healthcare CT announced last week that personal information may have been exposed from individuals who received care at Arbors of Hop Brook, a Manchester, CT, assisted living community, as well as Manchester Rehabilitation and Healthcare Center in Manchester, CT, and Vernon Rehabilitation and Healthcare Center in Vernon, CT, according to the Hartford Courant.
The breach, which occurred Jan. 20, included the names, addresses, dates of birth, Social Security numbers, medical and health insurance information, driver’s license numbers and financial information of individuals.
The company did not provide information on the number of people affected or the nature of the attack. Atlas Healthcare had not responded to a request for comment from McKnight’s Senior Living by the production deadline.
The company indicated that it conducted an investigation, notified police and engaged cybersecurity professionals to determine the extent of the breach. Individuals potentially affected by the breach were notified via mail and were offered free credit monitoring services, according to the media outlet.
The cost of data leaks
A recent report from Fortified Health Security revealed that the number of cybersecurity incidents within healthcare has increased by 104% — affecting 40 million people — last year.
Data leaks have proved costly and time-consuming, with high profile cases such as HCA Healthcare’s data leak this summer, which led to multiple lawsuits. PharMerica, which serves more than 3,000 assisted living and skilled nursing pharmacy programs, was sued this year for failing to notify customers of a data breach in a timely fashion.
Research conducted by Ponemon Institute found that the healthcare industry reported the most expensive data breaches of 17 various industries.
The reason senior living communities and nursing homes often are vulnerable to cyberattacks, according to cybersecurity company NordLayer, is human error, including weak passwords or unintentional actions by employees that result in allowing security breaches to occur or spread.
Senior living a target for data breaches
Senior living and care operators have been a common target for hackers, with several data breaches reported in the past year:
- The operators of four not-for-profit senior living and care communities in Pennsylvania reported suspicious activity this summer that affected some of their internal systems used for business operations. Senior Choice and The Williamsport Home both said that unauthorized individuals may have accessed personal information about residents, providers and facilities.
- This spring, a vendor of clinical and third-party administrative services to managed care organizations serving elderly and disabled individuals disclosed a data breach affecting more than 4.2 million people. Independent Living Systems said the breach occurred in July 2022. The company is facing a class action lawsuit.
- Medicalodges, a Kansas-based long-term care provider, was one of two companies targeted by the Karakurt Ransomware Extortion Group this spring. Last summer, the US Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center issued a warning that the Karakurt ransomware group was targeting healthcare organizations after four providers — including an assisted living provider — were targeted. A life plan community, Blakehurst, fell victim in December.
- Last fall, Lantern Hill, an Erickson Senior Living-managed continuing care retirement / life plan community in New Jersey, used a potential data breach of resident information as an opportunity to educate staff members and beef up its technical safeguards.
- Senior living providers were among the victims of the NetWalker hacker ring in 2022 that extorted at least $27.6 million from dozens of businesses — healthcare providers, including senior living providers, as well as law enforcement and educational institutions all over the world.
- Avamere Health Services, an Oregon-based senior living and skilled nursing provider, announced last summer that its computer network was breached, affecting the personal information of some of its employees as well as some employees of affiliated entities.
