February 01, 2023

Cybersecurity Alert: Former Employee Enters CCRC System


Educating your employees and ensuring that they practice good cyber hygiene can help prevent cyberattacks. One continuing care retirement community (CCRC) is emphasizing this lesson after one of its employees shared credentials with a former employee who then sent an inappropriate message to residents.

The CCRC, Lantern Hill in New Providence, NJ, is calling the incident isolated, said a recent McKnight’s Senior Living article about the breach. Lantern Hill does not believe that resident contact information was breached but has reported the incident to the Office of Civil Rights as a Health Insurance Portability and Accountability Act violation. The community is also taking extra precautions to create safeguards and educate employees, the article said.

Cyberattacks Continue

Cyberattacks of all kinds continue to threaten healthcare organizations. Last month, Tech Time reported in “Ransomware Attacks on Health Care Grow More Dire” that those attacks more than doubled from 2016 to 2021.

LeadingAge CAST Cybersecurity Resources

To reduce your organization’s risk of cyberattack, use the LeadingAge CAST Cybersecurity Resources, which are designed specifically for aging services providers. The resource includes a white paper, case studies, and a benchmarking questionnaire with advice on recognizing threats, mitigating risk, and responding if an attack does occur.

The CAST case study “Managing HIPAA Compliance and Cyber Security Through Partnership” shows how one life plan community increased security. CAST’s resource “Opportunities, and Risks, with New Smart Voice Technology in Senior Living” gives guidance on secure use of voice technologies.

Additional Resources to Safeguard Your Data

In two recent articles, HealthTech has shared additional ways for your organization to safeguard its data.

Enhancing organization-wide user education is featured in “4 Tips to Improve Data Loss Prevention in Healthcare.” The article suggests using any event that triggers your data loss prevention (DLP) system as an opportunity to educate staff members. Other tips include strengthening DLP system visibility, defining permissions and setting access controls, and deploying a cross-platform solution.

Tightening controls around which users and devices are accessing your system is a principle of the zero trust framework, which federal agencies are required to attain by 2024. Check out “Zero Trust Lessons Healthcare Organizations Can Learn from the Federal Government” for more insight on how to begin migrating your organization toward a similar, safer approach.