Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

Breach
2021
Broomfield Skilled Nursing and Rehabilitation Center settles breach-related charges with Colorado Attorney General

Broomfield Skilled Nursing and Rehabilitation Center settles breach-related charges with Colorado Attorney General

Table of Contents

Incident Details

A resolution was declared by Attorney General Phil Weiser regarding Broomfield Skilled Nursing and Rehabilitation Center, LLC., due to their negligence in safeguarding the confidential information of numerous patients and staff members during a data breach in 2021. The breach took place when unauthorized individuals gained access to two employee email accounts, resulting in the exposure of numerous emails containing sensitive personal, financial, and medical details of both present and past patients and employees. Additionally, the organization was found to lack a formal data disposal policy and to have postponed informing the affected individuals promptly.

Incident

How Did the Breach Happen?

A security incident took place when unauthorized individuals accessed two employee email accounts that did not have two-factor authentication enabled.

What Data has been Compromised?

The leaked emails included sensitive information such as personal, financial, and medical details of numerous past and present patients and staff members.

Why Did the company's Security Measures Fail?

The organization did not ensure that every employee email account had two-factor authentication activated, and they also lacked a formal written policy for data disposal.

What Immediate Impact Did the Breach Have on the company?

Following the breach, a resolution was reached with the Colorado Attorney General, necessitating the corporation to both be fined and adhere to regulations concerning the safeguarding of data.

How could this have been prevented?

To prevent the breach, it would have been possible to avoid it by making sure that every employee's email accounts had two-factor authentication and by putting in place a documented policy for disposing of data.

What have we learned from this data breach?

The incident underscores the significance of robust security protocols like two-step verification and emphasizes the necessity for organizations to implement documented guidelines for data disposal.

Summary of Coverage

After experiencing a breach in 2021 where the personal data of individuals was exposed due to compromised email accounts of two employees, Broomfield Skilled Nursing and Rehabilitation Center has reached a resolution with the Colorado Attorney General regarding the charges related to the breach.

Is your System Free of Underlying Vulnerabilities?
Find Out Now