The Florida-based senior living home has reported a data breach to the Department of Health and Human Services (HHS).
On July 11th, the Freedom Plaza Senior Living home reported a data breach to the HHS. According to the report, the living center was impacted by a hacking incident on their employee email, ultimately resulting in a breach that impacted 4,847 individuals.
The company posted a notice on its website on June 18th, 2025. The notice stated that the breach was first discovered by Freedon Plaza on September 16th, 2024. Impacted data may have included names, addresses, dates of birth, Social Security numbers, driver’s license or state identification information, passport numbers, financial information, biometric information, medical treatment and diagnosis information, and more.
Freedom Plaza shared that data was accessed by an unauthorized party between September 6th, 2024 and October 3rd, 2024. Uniquely, it appears that data continued to be accessed even after Freedom Plaza discovered the breach on September 16th.
The organization said they are continuing to investigate the incident and currently has no evidence that information has been misused.
In their notice, Freedom Plaza stated they are implementing additional security measures and reviewing current policies and procedures related to data security.
According to the Data Science Society, senior living homes are a treasure trove of valuable data; they tend to hold a mixture of personal, financial, and health data that can garner high prices on the dark web. Senior living homes are often small, with a relatively smaller amount of administrative staff, which can make them underprepared for potential attacks. The elderly living in these homes may also not be used to the sophisticated techniques employed by attackers, and may become even more vulnerable. Due to the value of this data, every senior living community should make cybersecurity a top priority by using tools such as Paubox.
While organizations are mandated to report breaches to the HHS within 60 days of discovery, notices are often delayed. While it’s unclear why it was delayed in this case, it is usually because the investigation is ongoing, and Freedom Plaza may have been missing certain information, like the number of impacted individuals.
It’s unclear why Freedom Plaza did not stop the breach when it was initially discovered. It’s possible that they were not able to shut down their systems, as their operations may be critical for providing services. Conversely, Freedom Plaza may have needed additional outside assistance to stop the breach, which could have led to delays. If the incident is further investigated, an answer may become clear.