Colorado Attorney General Takes Action Against Care Facility’s Data Breach

Reading Time: ( Word Count: )

September 24, 2023
Nextdoorsec-course


Broomfield Skilled Nursing and Rehabilitation Center, a care facility located in Broomfield, has been mandated to pay a penalty and enhance its data protection measures after a 2021 incident where the personal details of numerous existing and past patients and staff were jeopardized.

In that year’s March, the center identified a breach in two of its staff email accounts. Even though the center had implemented a two-factor authentication system for their emails, these specific accounts lacked this safeguard. A significant number of emails from these compromised accounts held sensitive personal, financial, and health-related information, with some records going as far back as 2016.

The Colorado Attorney General’s Office made the settlement public on Friday.

“Any breach in cybersecurity can have severe implications, but it becomes especially concerning when it affects our elderly citizens and their caregivers due to negligence by a care facility in securing the private details of its patients and employees,” commented Attorney General Phil Weiser in an official statement. “Though the harm is irreversible in this instance, this settlement serves as a stern reminder that breaches in Colorado’s data protection standards will not be tolerated.”

Also Read: Cisco Amplifies Cybersecurity Footprint with $28 Billion Splunk Acquisition

Colorado Attorney General Takes Action Against Care Facility's Data Breach

The state office further condemned the center’s delayed action, pointing out that it took several months to inform those who were affected. By law, such notifications must be issued within a month.

The Attorney General’s Office also claimed that the Broomfield Skilled Nursing and Rehabilitation Center contravened state regulations by not maintaining a proper protocol for disposing of both printed and digital data.

In response to these allegations, Broomfield Skilled Nursing committed to a fine ranging from $35,000 to $60,000. They also promised to establish a data disposal procedure, formulate a plan to respond to future incidents, enhance their existing cybersecurity infrastructure, conduct an annual review of these protective measures, deliver compliance documentation, and aid state monitors in their probes.

In February 2022, Broomfield Skilled Nursing underwent rebranding and is now known as Adara Living, as per a digital announcement. The facility, offering 210 beds, retains its original ownership and workforce as shared in the announcement.

Saher Amari

Saher Amari

Author

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.

Other interesting articles

How Important is Physical and Cyber Security for Businesses: A Comprehensive Overview

How Important is Physical and Cyber Security for Businesses: A Comprehensive Overview

Physical and cyber security have become increasingly important for businesses of all sizes in today's digital age. ...
What Are the Best CCTV Cameras to Invest In: A Comprehensive Guide

What Are the Best CCTV Cameras to Invest In: A Comprehensive Guide

Investing in CCTV cameras is a smart move for anyone looking to secure their property. With the rise in crime ...
Unveiling the Mystery: Does TikTok Notify When You Save Someone’s Videos?

Unveiling the Mystery: Does TikTok Notify When You Save Someone’s Videos?

TikTok, with its rapidly growing user base and innovative content, has become a pivotal platform in today’s ...
Effortless Fixes for ‘Why is TikTok Not Letting Me Follow Anyone’

Effortless Fixes for ‘Why is TikTok Not Letting Me Follow Anyone’

Have you ever excitedly tapped the follow button on a TikTok creator's profile, only to find that the app seems to ...
0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *