Broomfield Skilled Nursing and Rehabilitation Center, a care facility located in Broomfield, has been mandated to pay a penalty and enhance its data protection measures after a 2021 incident where the personal details of numerous existing and past patients and staff were jeopardized.

In that year’s March, the center identified a breach in two of its staff email accounts. Even though the center had implemented a two-factor authentication system for their emails, these specific accounts lacked this safeguard. A significant number of emails from these compromised accounts held sensitive personal, financial, and health-related information, with some records going as far back as 2016.

The Colorado Attorney General’s Office made the settlement public on Friday.

“Any breach in cybersecurity can have severe implications, but it becomes especially concerning when it affects our elderly citizens and their caregivers due to negligence by a care facility in securing the private details of its patients and employees,” commented Attorney General Phil Weiser in an official statement. “Though the harm is irreversible in this instance, this settlement serves as a stern reminder that breaches in Colorado’s data protection standards will not be tolerated.”

Also Read: Cisco Amplifies Cybersecurity Footprint with $28 Billion Splunk Acquisition

The state office further condemned the center’s delayed action, pointing out that it took several months to inform those who were affected. By law, such notifications must be issued within a month.

The Attorney General’s Office also claimed that the Broomfield Skilled Nursing and Rehabilitation Center contravened state regulations by not maintaining a proper protocol for disposing of both printed and digital data.

In response to these allegations, Broomfield Skilled Nursing committed to a fine ranging from $35,000 to $60,000. They also promised to establish a data disposal procedure, formulate a plan to respond to future incidents, enhance their existing cybersecurity infrastructure, conduct an annual review of these protective measures, deliver compliance documentation, and aid state monitors in their probes.

In February 2022, Broomfield Skilled Nursing underwent rebranding and is now known as Adara Living, as per a digital announcement. The facility, offering 210 beds, retains its original ownership and workforce as shared in the announcement.