In recent times, facilities caring for the elderly and disabled, such as nursing homes and rehabilitation centers, have become increasingly vulnerable to cybercrime, with over half a dozen such institutions reporting significant hacking incidents affecting more than 130,000 individuals in the past month alone. These facilities are particularly attractive to cybercriminals due to the wealth of sensitive data they hold, including Social Security numbers, personal health information, and financial details, which are valuable on the black market. The elderly population, often less vigilant in monitoring their credit and personal information, provides hackers with ample time to exploit the stolen data for fraudulent activities like opening bank accounts or filing fake insurance claims.

One of the most notable breaches involved Hillcrest Convalescent Center in North Carolina, which reported that nearly 106,200 individuals were affected by a hacking incident. Detected in June 2024, the breach compromised sensitive data like names, dates of birth, and Social Security numbers. Hillcrest has since taken steps to mitigate the damage by offering affected individuals complimentary credit and identity theft monitoring services. The breach underscores the significant vulnerabilities within these facilities, which often operate on tight budgets and lack the resources to implement robust cybersecurity programs.

Another significant breach involved three nursing homes and rehab centers connected to the same unnamed third-party vendor, affecting thousands of individuals. These breaches highlighted a common weakness: the reliance on third-party vendors for managing electronic medical records. The compromised data included personal information such as names, addresses, and Social Security numbers, emphasizing the need for enhanced cybersecurity measures not only within the facilities but also with their external partners.

Atlas Healthcare, operating several facilities in Connecticut, reported breaches that occurred as far back as January 2023 but were only recently disclosed. The delayed reporting of these incidents raises concerns about the timeliness and transparency of breach notifications, which are crucial for mitigating the impact on affected individuals. The breaches, which compromised data such as medical and financial information, have prompted Atlas Healthcare to offer credit monitoring services to eligible individuals while also examining their cybersecurity practices to prevent future incidents.

This wave of cyberattacks on nursing homes and rehabilitation centers highlights a critical need for these facilities to reassess their cybersecurity strategies. With budget constraints and limited resources, these institutions must prioritize strengthening their security postures to safeguard the protected health information of their patients. As cybercriminals continue to exploit these vulnerabilities, the risk of becoming a “target of intent” rather than just a “target of opportunity” increases, necessitating proactive measures to protect sensitive data and ensure compliance with regulations.