In early 2024, a ransomware attack hit Grace Lutheran Communities, a provider of skilled nursing, assisted, and independent living services, exposing sensitive patient information [1]. This is not the first time a cyber attack has targeted a healthcare and senior living facility, and it won’t be the last.

Not only do the rights of senior citizens increasingly depend on nursing home cybersecurity measures, but the facilities are also legally required to protect their information and ensure smooth operation.

Common Cyber Threats

Nursing homes are required to educate their staff and ensure their systems are protected against common threats, including ransomware, phishing, and insider attacks.

Ransomware attacks can not only expose patient information, but also prevent the staff from accessing important medical data, such as medication dosages. Phishing attacks often open patient information, especially tax forms and Social Security numbers, to criminals who would abuse this data.

Finally, there is another, particularly insidious, type of cybersecurity threat, which comes from current and former employees who access sensitive files and use them to financially exploit vulnerable residents, sometimes forcing them to make changes to their estate documents.

Key Cybersecurity Measures

To protect the rights of elderly patients, nursing homes must focus on various security measures, such as data encryption, regular audits, and staff education about cybersecurity threats.

Furthermore, it’s important to establish advanced access controls to ensure no one but authorized personnel sees sensitive information.

Legal Frameworks Supporting the Rights and Safety of the Elderly

As a vulnerable group, elderly patients are protected by laws such as the Elder Justice Act. The EJA is a comprehensive law that protects senior adults from exploitation, abuse, and neglect in all forms.

When it comes to cybersecurity, HIPAA requires all nursing homes to take cybersecurity measures to protect patient data, but also to ensure all patients have rights over their electronic protected health information (ePHI).

The Case of a Rehabilitation Center in Missouri

However, nursing homes do not always take measures to fulfill these obligations, or the measures are not sufficient. Unfortunately, in some cases, they show other types of patient abuse and neglect.

In 2024 alone, there were many cases of elderly abuse, neglect, and exploitation across the US, which is an unacceptable state of things. With over 200 complaints, Aspen Point Health and Rehabilitation was the nursing home or rehabilitation center with the most substantiated complaints. [2]

Other stats show this Missouri health center had a nursing staff turnover rate of over 30% more than the US average, along with a long list of complaints, fines, and cases of endangering patient safety. [3] The facility also had a complaint of failing to keep residents’ records private and confidential. [4]

People with relatives in this or other rehabilitation and nursing facilities who suspect their relatives have been abused or neglected should consult a nursing home abuse attorney in Missouri to seek justice and compensation from the nursing home, its staff, or other parties.

Abuse Prevention

Cybersecurity and legal professionals must work together to protect senior citizens.

Cybersecurity can help prevent abuse, neglect, and exploitation of nursing home residents by monitoring homes for unusual activity that can point to such harmful practices, maintaining data integrity through protection and staff education, and finally, creating secure systems for reporting abuse or neglect.

Legal professionals, from policymakers to lawyers, can create better regulations for the nursing home industry, with a particular focus on patients’ rights to privacy and safety. Finally, legal professionals are here to help enforce these regulations and punish facilities that use their position of power to cause harm.

Sources: [1] HIPAA Journal; [2] Statista; [3], [4] ProPublica