Former senior housing operator Elmcroft Senior Living announced on Friday a data security incident that may have exposed the personal information of its residents, employees, clients and patients—including some people who now live in or work for Elmcroft by Eclipse Senior Living communities.
The Louisville, Kentucky-based company became aware on May 12 of an unauthorized third party that had accessed its services in Louisville two days before, according to a press release from Elmcroft Senior Living. Elmcroft terminated the access and is now working with local and federal law enforcement as they investigate the hack.
The potentially compromised information includes names, birth dates, and in some cases, personal health information and Social Security numbers.
Elmcroft no longer manages the Elmcroft community portfolio; the Portland, Oregon-based Elmcroft by Eclipse Senior Living—led by former Holiday Retirement CEO Kai Hsiao—began managing those communities in January.
A spokesperson for Eclipse sought to emphasize that the data breach occurred under the previous regime.
“While Eclipse Senior Living has continued to use the ‘Elmcroft’ brand name, it is completely separate from and not related to Elmcroft Senior Living, Inc., the company that experienced the breach,” Eclipse said in a statement to Senior Housing News. “Furthermore, Elmcroft by Eclipse Senior Living has no involvement with the storage or management of the data systems impacted. Elmcroft by Eclipse Senior Living stores all data separately in a secure environment.”
Eclipse stressed that its new technology systems and data were not affected, though some current Eclipse associates and residents were affected by Elmcroft’s data breach.
The former Elmcroft will offer a free year of credit monitoring to the affected parties.
Written by Maggie Flynn