DC Assisted Living Facility Hit by Malware Breach Exposing 5,200 PHI Records

A malware attack experienced at Westminster Ingleside King Farm Presbyterian Retirement Communities may have allowed the hackers to obtain the protected health information of thousands of its clients.

The Washington D.C., located assisted living center had adapted a wide range of security solutions to stop unauthorized access to its systems, although on this occasion they were unable to prevent the attack.

The malware was identified on November 21, 2017, with quick action taken to identify all instances of the malware on its network and delete the malicious code to eliminate further access. While the malware was completely removed, external assistance was sought to determine how the attackers were able to bypass its security defenses, and whether access to the protected health information of its residents had happened.

The review into the breach showed a number of areas where security could be enhanced to further protect its systems from attack. Ingleside has now adapted a new firewall, upgraded its antimalware and antivirus software, and has put in place two-factor authentication on user accounts. New user credentials have been established and strong passwords set. Employees have also received extra training to help them spot unauthorized access.

While no proof was uncovered to show the protected health information of its residents was exposed, it was not possible to eliminate data access and data theft with 100% certainty. Due to this, all affected people have been alerted about the possible breach and, out of an abundance of caution, residents have been offered credit monitoring and identity theft protection measures via Kroll for one year for free.

No financial detailed were exposed as a result of the malware infection, although names, addresses, Social Security numbers, and other protected health information were potentially obtained.

The breach notice filed with the Department of Health and Human Services’ Office for Civil Rights states that up to 5,228 residents were affected by the security violation.

Author: Maria Perez