Broomfield Skilled Nursing and Rehabilitation Center, a Colorado-based assisted living facility, is facing penalties following a 2021 data breach that exposed the personal data of hundreds of patients and employees. The breach was discovered in March 2021 when two employee email accounts were found to be compromised. Although the facility had two-factor authentication for its email system, the two affected accounts were unprotected, exposing tens of thousands of emails containing personal, financial, and medical data, some dating back to 2016.
The Colorado Attorney General’s Office announced the settlement, emphasizing the severity of the breach, especially considering the vulnerability of the elderly population and their caregivers. Attorney General Phil Weiser expressed concern over the facility’s handling of personal data and highlighted the importance of adherence to Colorado’s data protection laws. The office also criticized the facility’s delay in notifying the affected individuals, which is legally required within 30 days of discovering the breach.
In addition to the delayed notification, Broomfield Skilled Nursing and Rehabilitation Center allegedly violated state law by not having a proper data disposal policy in place. As part of the settlement, the facility agreed to pay a fine ranging from $35,000 to $60,000. It is also required to develop a data disposal policy and an incident response plan, make updates to its information security systems, review the safeguards annually, submit compliance reports, and cooperate with state investigations.
Despite the name change to Adara Living in February 2022, the 210-bed facility maintains the same ownership and staff, ensuring continuity in addressing the breach’s aftermath and implementing the mandated security enhancements. The incident serves as a stern reminder for all organizations to prioritize robust data protection measures, ensuring the security and privacy of all individuals involved.
Source: CBS News
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net), or you can try it yourself using check.website.