The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Kisco Senior Living & Island Ambulatory Surgery Center Disclose Summer 2023 Cyberattacks

Posted By on Apr 23, 2024

Notification letters have been sent to more than 34,500 individuals about ransomware attacks that occurred more than 9 months ago. Kisco Senior Living experienced its attack in June 2023, and Island Ambulatory Surgery Center suffered an attack in July.

Kisco Senior Living

Kisco Senior Living is a Carlsbad, CA-based operator of 20 senior living communities in 6 U.S. States. According to the notification letters mailed to the affected individuals in April 2024, a cyberattack was detected on June 6, 2023, when its network was disrupted. A cybersecurity firm was engaged to investigate the disruption and confirmed that unauthorized individuals accessed its network and exfiltrated files containing the personal information of residents. It took more than 10 months (April 10, 2024) to determine the types of information involved and the number of individuals affected.

According to the notification sent to the Maine Attorney General, the breach included names and Social Security numbers and affected 26,663 individuals. Kisco Senior Living said additional security features have been implemented to prevent similar breaches in the future and the affected individuals have been offered 12 months of complimentary credit monitoring services, which include a $1 million identity fraud loss reimbursement policy.

Island Ambulatory Surgery Center

Island Ambulatory Surgery Center in Brooklyn, NY, has recently notified 7,900 individuals about a cyberattack that was detected on or around July 31, 2023. Cybersecurity experts were engaged to investigate the breach and determined that an unauthorized actor had access to its network and acquired certain files, some of which contained patients’ personal and health information.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The review of the affected files was completed on February 7, 2024, and confirmed some or all of the following information was compromised: name, date of birth, Social Security number, driver’s license number, medical information, and/or health insurance information. Notification letters were mailed to the affected individuals on April 5, 2024. Island Ambulatory Surgery Center said it takes privacy and security seriously and has implemented measures to prevent similar incidents in the future.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist