Elmcroft Senior Living is notifying an unspecified number of residents of a hacking incident that occurred on May 10 and that was discovered on May 12.
According to a template of their notification letter submitted to the California Attorney General’s Office, the May 10 hack included files containing personal information about residents or their family members:
The third party may have accessed demographic data and personal health information about you or your family member, including your or your family member’s name, date of birth, address, and in some instances, a social security number. In some cases, personal health information of our former residents and patients of our health care facilities may also have been accessed.
In response to the attack, and in conjunction with notifying state and federal authorities, Elmcroft arranged for services to be provided by Kroll to those affected. Elmcroft has also been reviewing their security measures to determine if any additional changes need to be made.