cyberattacks on residential care facilities

Cyberattacks Hit Two Residential Care Facilities in Pennsylvania

June 23, 2023

In recent news, Senior Choice, Inc. and Williamsport Homes, both located in Pennsylvania, fell victim to a data breach on April 20, 2023. These reports of cyberattacks on residential care facilities highlight the importance of protecting sensitive health information and the need to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) requirements.

Cyberattacks Hit Two Residential Care Facilities in Pennsylvania

Williamsport Home Cyberattack

The cyberattack on Williamsport Home, a continuing care retirement community, was detected on April 24, 2023, when suspicious activity affecting business operation systems was discovered. Immediate action was taken to contain the situation and secure the computer systems. While the breach did not compromise the systems directly responsible for resident care, it did expose protected health information stored within the affected business systems.

Senior Choice Inc. Cyberattack

Similarly, the Senior Choice Inc. breach was due to a cyberattack that happened on the same date. Senior Choice manages three residential care facilities: The Atrium at 216 Main St., Johnstown, PA; Beacon Ridge at 1515 Wayne Ave., Indiana, PA; and The Patriot at 495 W Patriot St., Somerset, PA. The detection of unauthorized access and system compromise prompted immediate measures to safeguard their internal systems.

Cyberattacks Hit Two Residential Care Facilities in Pennsylvania

Breach Investigations Underway for Williamsport Homes and Senior Choice Cyberattacks

The breach investigation in the residential care facilities is still ongoing. So far, the evidence shows unauthorized access to Senior Choice’s and Williamsport Homes’ internal systems for business operations from April 18, 2023 to April 24, 2023. According to the Senior Choice and Williamsport Homes press releases, no evidence suggests the cyberattack impacted software systems directly involved in resident care. The exact extent of both cyberattacks is yet to be determined, and individuals potentially affected are advised to remain vigilant against identity theft and fraud.

The residential care facilities advised their clients that the following electronic protected health information (ePHI) may have been compromised during the attacks:

  • names
  • addresses
  • birth dates
  • admission dates
  • discharge dates
  • death dates
  • medical record numbers
  • provider or facility name
  • medical condition
  • diagnosis and/or treatment information
  • lab results
  • medications
  • payment amount history
  • insurance payment amount
  • date of service
  • Social Security numbers
  • financial accounts
  • credit card numbers
  • medical information
  • health insurance information
  • driver’s license
  • state identification numbers
  • passport numbers
  • any other data created, used, or disclosed while providing health care services

In response to the cyberattacks, both Senior Choice and Williamsport Homes are taking proactive steps to strengthen their security infrastructure. The facilities have provided notice to all individuals who might be affected. They have also conducted comprehensive investigations, engaging leading industry professionals in data privacy and security. These experts are at the investigation’s forefront and liaise with the relevant government agencies and law enforcement.

Complying With HIPAA Prevents Residential Care Facilities Cyberattacks

Complying with HIPAA regulations is critical in the residential care sector. HIPAA requirements aim to safeguard patients’ PHI from unauthorized access and ensure their privacy and safety. Failure to comply with these regulations can result in severe penalties and irreparable reputational damage.

The Williamsport Homes and Senior Choice cyberattacks highlight the vulnerabilities that residential care facilities face as the healthcare industry becomes increasingly digitized. The compromised ePHI raises concerns about privacy and the potential misuse of personal data. These incidents reinforce the need for heightened security measures and continuous monitoring to protect sensitive information.

Cyberattacks Hit Two Residential Care Facilities in Pennsylvania

Strengthening Security: Implementing Technical Safeguards in Residential Care Facilities

Senior Choice and Williamsport Homes are strengthening their technical safeguards to prevent future breaches. Technical safeguards protect clients’ ePHI. The appropriate policies and procedures should include the following standards:

  • controlled access to ePHI,
  • continuous recording and examination of information system activity to determine security violations,
  • regular risk assessments,
  • proper ePHI alteration and destruction, and
  • comprehensive HIPAA training programs 

Applications of these standards include:

  • encryption and decryption methods,
  • data or message authentication codes,
  • automatic logoffs,
  • emergency access procedures,
  • audit reports, and
  • user authentication methods such as biometrics or smart cards.

These measures are stringent and require thorough and detailed security protocols. They should also employ HIPAA-compliant technology such as secure email, websites, and online faxes. Healthcare facilities must be willing to invest substantially in human and financial resources to comply with HIPAA requirements. However, doing so will prevent more considerable losses in the future, aside from protecting residents’ health information.

The cyberattacks on Senior Choice and Williamsport Homes are a stark reminder of the ever-present cybersecurity threats residential care facilities face. Complying with HIPAA requirements and implementing strong technical safeguards are vital for protecting sensitive information and maintaining the trust and well-being of residents. These incidents should spark a renewed commitment within the industry to fortify security measures, ensuring that residents can continue to receive high-quality care and services in a safe and protected environment.

Kent Cañas

Kent is a content strategist currently specializing in HIPAA-compliant online fax. Her expertise in this field allows her to provide valuable insights to clients seeking a secure and efficient online fax solution.

More great articles
importance of HIPAA compliance
The Importance of HIPAA Compliance

Patients' information and medical records are confidential. With that said, all healthcare providers, institutions, business entities, and data storage and…

Read Story
Slack communications platform
Is Slack HIPAA Compliant?

Is Slack HIPAA compliant? Read on to find out more about Slack's compliance with HIPAA regulations.

Read Story
online fax service healthcare
Patient Information Software: An In-Depth Overview

This article gives an overview of patient information management and its importance in healthcare.

Read Story
Subscribe to iFax Newsletter
Get great content to your inbox every week. No spam.

    Only great content, we don’t share your email with third parties.