Retirement communities and long-term care facilities are turning to digital systems to better manage resident care, billing, communication, and lifestyle services. Ranging from electronic health records to online family portals, these digital resources create convenience and efficiency, but they are also accompanied by cybersecurity challenges that must be effectively managed.
Fleet Landing, a continuing care retirement community, highlighted the importance of sound digital security when it reported a data breach involving the disclosure of sensitive personal and protected health information of its residents. While incidents of this nature are not limited to one organization, they point to a much broader issue facing senior living facilities today: it is becoming increasingly difficult to protect residents' private information adequately while still maintaining operational efficiency.
Why Retirement Communities Are Vulnerable
1. Sensitive Resident Data
These communities hold highly personal data, including health records, Social Security numbers, bank accounts, and contact information, making them attractive targets for hackers, who may use this data for identity theft, financial fraud or ransomware.
2. Legacy IT Systems
Many retirement communities use legacy software or outdated networking infrastructure. These systems may work for day-to-day business operations but often lack robust security features, which makes it easier for attackers to gain unauthorized access.
3. Multiple Access Points
Staff, healthcare providers, external vendors and family members can all access resident data through various online portals or mobile applications. Without adequate access controls, each additional access point opens up the possibility of an inadvertent breach or malicious attack.
4. Limited Cybersecurity Measures
In many retirement communities, unlike in large healthcare networks, there are no dedicated IT security professionals. This delays the detection of threats, the patching process, and system monitoring, giving attackers the opportunity to infiltrate the system.
Best Practices for Guaranteeing Residents’ Privacy
Retirement communities that are committed to balancing convenience and privacy should consider implementing a multi-layered approach:
- Keep Systems Updated Regularly: Ensure that all software, including any resident portals or EHR platforms, has been updated with the latest security patches.
- Enforce Strong Access Controls: Limit access to sensitive data based on staff role, and enforce strong multi-factor authentication.
- Review Vendor Security Practices: Assess the security practices of third-party vendors that touch resident data.
- Network Segmentation: Separate administrative, clinical, and resident-facing networks to minimize the threat of a breach.
- Staff Training: Train employees about phishing, social engineering, and securely handling resident data.
- Monitoring and Incident Response: Establish continuous monitoring and have incident response practices in place for when suspicious activity is detected.
Conclusion
As senior living communities continue to modernize and adopt increasingly digital solutions, cybersecurity will have to be a priority. Technology provides better care and operational efficiency for residents, but also leaves their sensitive data vulnerable to potential threats. The Fleet Landing data breach shows that even the most well-managed facilities can fall prey to breaches. By employing solid security practices, retirement communities can monitor and protect residents’ privacy while still using the conveniences of a modern, digitally enabled environment.
