Data Breach Blunder: When Broomfield Skilled Nursing’s Cybersecurity Flopped Like a Fish Out of Water

Looks like Broomfield Skilled Nursing, now Adara Living, had a ‘Nursing Facility Data Breach’ moment, exposing patient data like a magician’s trick gone wrong. Their cybersecurity, as robust as overcooked pasta, necessitated a wake-up call in the form of fines and mandatory upgrades. Talk about a costly Netflix binge while their house was on fire!

Hot Take:

Well, well, well, Broomfield Skilled Nursing and Rehabilitation Center (now rebranded as Adara Living), seems like your cybersecurity was about as strong as an overcooked spaghetti noodle. What happened to protecting patient data? And waiting months before notifying the affected parties? That’s like realizing your house is on fire and deciding to finish watching the latest Netflix series before calling the fire department. I hope the fine and mandatory upgrades serve as a wake-up call, but hey, at least you’ll have a shiny new disposal policy and incident response plan to show off at the next neighborhood gathering!

Key Points:

  • Broomfield Skilled Nursing Center had a data breach in 2021, exposing personal, financial, and medical data of hundreds of patients and employees.
  • The company had two-factor authentication, but two accounts were not protected, leading to the breach.
  • The Colorado Attorney General’s Office has fined the company and required them to upgrade their information security.
  • The company was criticized for not notifying those affected immediately, which is a legal requirement.
  • As part of the settlement, they are to pay between $35,000 and $60,000, establish a data disposal policy, an incident response plan, and submit annual compliance reports.

Need to know more?

Oops!...They Did It Again

Broomfield Skilled Nursing and Rehabilitation Center, an assisted living facility, found itself in hot water after a data breach in 2021 exposed the confidential data of hundreds of patients and employees. The guilty parties? A pair of unprotected email accounts that were as secure as a bank vault with a 'please do not rob' sign.

Pin the Blame on the Donkey

The Colorado Attorney General's Office dropped the hammer on the facility, announcing a settlement that included a fine and mandatory upgrades to their cybersecurity. The AG's office didn't mince words, calling out the facility for its failure to handle personal data responsibly.

Too Little, Too Late

Adding to their list of mistakes, the facility decided to take its sweet time (read: months) before notifying the affected individuals of the breach. A fact that didn't sit well with the AG's office, as companies are required to notify within 30 days of discovery.

Read the Fine Print

In addition to the fine (which can run up to $60,000), Broomfield Skilled Nursing is required to develop a data disposal policy and an incident response plan, and submit annual compliance reports. All these measures are part of the settlement to ensure this kind of 'oopsie' doesn't happen again.

From Broomfield to Adara

Despite the debacle, the facility continues operations under a new name, Adara Living. The facility boasts the same ownership and staff, proving that even in the face of a data breach, some things never change.