NY elderly care provider reports data breach

Loretto Management Corporation has filed a notice of data breach.

What happened

On July 9th, Loretto Management Corporation filed a notice of a data breach with the Attorney General of Vermont. 

Loretto is a Syracuse, New York-based network of elderly care providers, offering assisted living, skilled nursing, independent living, and more to residents and patients. The company operates nine locations in New York and employs over 2,500 individuals. 

According to the notice, Loretto learned of the breach on May 2nd. The network discovered their information systems had been compromised between May 1st and May 2nd. Loretto reported to the Maine Attorney General that the breach impacted 18,952 individuals. 

Going deeper

According to the report, names or other personal information was breached, but no further details were supplied. Impacted individuals will receive a personalized letter with specific information. 

In the notice, Loretto stated that “there is no evidence that any of the information has been or will be publicly disclosed.” They also shared that there is no evidence that the stolen data contained Protected Health Information. 

The organization said that upon discovery, Loretto immediately took steps to secure their system and investigate. They have now “implemented additional technical safeguards to further enhance the security of information in our possession and to prevent similar incidents from happening in the future.”  Loretto is offering free credit monitoring and identity protection for impacted individuals. 

Why it matters

Data breaches against healthcare organizations, especially senior living communities, are becoming frequent. These organizations are often targeted because of the valuable information they hold, like Social Security numbers, billing information, and medical information. In addition, many facilities are understaffed, making it more likely for human error to result in vulnerabilities. 

Although staffing shortages are challenging to fix, the Center for Medicare & Medicaid Services (CMS), is creating policies to help improve staffing standards in nursing homes. 

Accidental error is one of the biggest causes of data breaches, especially for email breaches. Busy nurses and doctors may not encrypt data or may make other avoidable errors. Automating processes is the easiest way to avoid costly mistakes. 

Related: HIPAA Compliant Email: The Definitive Guide. 

The big picture

As data breaches become more common, so do lawsuits. Class action lawsuits can devastate healthcare organizations, especially smaller ones, but are filed to provide restitution for victims and encourage organizations to take proper security measures. Currently, multiple law firms are investigating the incident at Loretto.