Colorado Attorney General Takes Action Against Care Facility’s Data Breach

September 24, 2023

Broomfield Skilled Nursing and Rehabilitation Center, a care facility located in Broomfield, has been mandated to pay a penalty and enhance its data protection measures after a 2021 incident where the personal details of numerous existing and past patients and staff were jeopardized.

In March of that year, the center identified a breach in two of its staff email accounts. Even though the center had implemented a two-factor authentication system for its email, these specific accounts lacked this safeguard. A significant number of emails from these compromised accounts held sensitive personal, financial, and health-related information, with some records going as far back as 2016.

The Colorado Attorney General’s Office made the settlement public on Friday.

“Any breach in cybersecurity can have severe implications, but it becomes especially concerning when it affects our elderly citizens and their caregivers due to negligence by a care facility in securing the private details of its patients and employees,” commented Attorney General Phil Weiser in an official statement. “Though the harm is irreversible in this instance, this settlement serves as a stern reminder that breaches in Colorado’s data protection standards will not be tolerated.”

The state office further condemned the center’s delayed action, pointing out that it took several months to inform those who were affected. By law, such notifications must be issued within a month.

The Attorney General’s Office also claimed that the Broomfield Skilled Nursing and Rehabilitation Center contravened state regulations by not maintaining a proper protocol for disposing of both printed and digital data.

In response to these allegations, Broomfield Skilled Nursing committed to a fine ranging from $35,000 to $60,000. They also promised to establish a data disposal procedure, formulate a plan to respond to future incidents, enhance their existing cybersecurity infrastructure, conduct an annual review of these protective measures, deliver compliance documentation, and aid state monitors in their probes.

In February 2022, Broomfield Skilled Nursing underwent rebranding and is now known as Adara Living, as per a digital announcement. The facility, offering 210 beds, retains its original ownership and workforce, as shared in the announcement.

Saher Mahmood

Author

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.
