A Broomfield nursing home will have to pay a fine and upgrade its information security systems following a 2021 data breach that exposed the personal data of hundreds of current and former patients and employees.
In March of that year, the facility discovered that two employee email accounts had been compromised. The company had established two-factor authentication for access to the email system, but the two accounts were not secured. Tens of thousands of emails from the two accounts contained personal, financial, and medical data, some of which dated back to 2016.
The Colorado Attorney General’s Office announced the settlement on Friday.
“While all cybersecurity threats are potentially devastating, elderly Coloradans and their caregivers are at risk of becoming victims of cybercrime because nursing homes failed to properly handle the personal data of patients and employees. This is especially problematic,” Attorney General Phil Weiser said in a press release. “Although the damage has already been done in this case, let this settlement serve as a warning that we will not hesitate to take action against companies that fail to comply with Colorado’s data protection laws.”
The office also criticized the company’s response, saying it waited months to notify those affected. Companies are legally required to do this within 30 days.
The office alleged that Broomfield Skilled Nursing and Rehabilitation Center also violated state law by not having a paper and electronic data disposal policy in place.
Broomfield Skilled Nursing will face a fee starting at $35,000 and is to develop a disposal policy and incident response plan, make other updates to information security systems, annually review the safeguards in place and submit a compliance report, and cooperate with investigations. It agreed to pay $60,000. By condition monitor.
Broomfield Skilled Nursing became Adara Living, according to February 2022 social media posts. The 210-bed facility has the same owners and staff, according to a post from the facility.