Kisco Senior Living, based in Carlsbad, CA, recently disclosed a ransomware attack that affected patient health information. The attack occurred in June 2023, and more than 34,500 individuals received notification letters regarding the breach on 16 April 2024.
The backstory
Kisco Senior Living was founded in 1990 and operates 20 senior living communities across six U.S. states: California, Utah, North Carolina, Florida, Hawaii, and Virginia.
On 6 June 2023, Kisco detected unusual activity within its computer network, prompting them to secure their systems. Subsequently, they launched an investigation with the help of external cybersecurity experts. Through this investigation, Kisco confirmed that the network disruption was due to a cyberattack, which compromised personal information including names and Social Security numbers.
What was said
In notifications to the Maine Attorney General, Kisco Senior Living confirmed the breach's scope, affecting 26,663 individuals. The company detailed security enhancements and offered affected individuals 12 months of complimentary credit monitoring services, including identity fraud loss reimbursement.
By the numbers
- Kisco Senior Living employs more than 2,457 people and generates approximately $211 million in annual revenue.
- The breach at Kisco affected 26,663 individuals.
- It took more than 10 months (10 April 2024) to determine the types of information involved and the number of individuals affected.
- Affected individuals have been offered 12 months of complimentary credit monitoring services, which include a $1 million identity fraud loss reimbursement policy.
Why it matters
This incident demonstrates the persistent threat of ransomware attacks targeting sensitive personal information, emphasizing robust cybersecurity measures and prompt breach response protocols to safeguard individuals' privacy and prevent further harm.
Additionally, it contributes to a larger trend of escalating cyber threats against organizations across various industries, signaling the growing challenge of securing sensitive data.
