A data breach during the summer has potentially given hackers access to health records and personal information of both residents and staff at 40 nursing homes, according to HMG Healthcare, the healthcare services provider whose servers were compromised. The breach was first identified in November, and the incident was traced back to August.
While the specific information stolen remains undisclosed, HMG Healthcare has taken steps to mitigate potential harm and ensure that the data is not further disseminated. The company has also stated that it is enhancing its data security protocols in response to the breach.
HMG Healthcare CEO Derek Prince expressed apologies for any inconvenience and concern caused by the incident, pledging the organization’s commitment to correcting the situation and improving protections for affected individuals in the future.
Cybersecurity continues to be a high priority for healthcare organizations, with senior care and living operations being particularly vulnerable. Factors contributing to this vulnerability range from weak passwords and staff errors to outright theft. The cost of such breaches can be substantial, as evidenced by a recent settlement involving senior living operator Acts Retirement-Life Communities, which incurred a $1 million cost.
The HMG Healthcare leak is suspected to be a result of a ransomware attack, leading the company to potentially negotiate with hackers to prevent further damage. The disclosure of the breach is seen as a necessary step to comply with regulatory requirements and address potential HIPAA violations.
