What happened in the Loretto data breach?
Loretto Management Corp., a nonprofit long-term care organization, formally notified the attorney general of Vermont of a data breach on July 11th. An unauthorized third party had gained access to Loretto’s information technology network between May 1-2. This allowed the hackers to access sensitive consumer information stored on Loretto’s systems.
Loretto engaged third-party security experts to investigate the breach, which lasted from May 2nd through June 11th. The forensic investigation revealed the breach occurred due to a cyberattack where an unauthorized party accessed Loretto’s IT network and sensitive consumer data.
What information was compromised?
While the official notification letter from Loretto did not specify what types of data were compromised, individual breach notification letters sent to victims provided more details. It appears the cyberattack exposed personally identifiable information (PII) like names, addresses, dates of birth, Social Security numbers, medical/health information, and other sensitive consumer data.
The impact of Loretto breach
Loretto employs over 2,500 employees across nine located in central New York. It provides skilled nursing, short-term rehab, independent living, assisted living, and memory care services to over 9,000 individuals annually. As a major nonprofit senior living provider with revenues exceeding $300 million per year, the data breach impacts a large number of residents and clients.
Growing risks of cyberattacks in senior living and healthcare
Cyberattacks targeting the healthcare and senior living sectors have risen significantly. In late February, a major cyberattack impacted operations at Optum/Change Healthcare, one of the largest healthcare IT firms. The incident disrupted claims processing and prior authorizations across the industry for weeks.
The Loretto data breach highlights the growing risks these organizations face from hackers. Protecting sensitive consumer data is paramount as cybercriminals increasingly target the healthcare and aging services fields for valuable personal and medical information.
In summary, the Loretto cyberattack resulted in a major data breach exposing personal details on thousands of individuals. As cybersecurity risks escalate, senior living providers must strengthen defenses to prevent future incidents and keep consumer information safe. The long-term impacts on residents and their families remains to be seen.
