25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Multiple Life Care Services Senior Living Facilities Impacted by Data Breach

Posted By on Jul 16, 2025

Multiple Life Care Services senior living facilities have been affected by a data security incident. Suspicious email account activity was identified on or around September 16, 2024. After securing the email system, a forensic investigation was launched that confirmed that several employee email accounts had been accessed by an unauthorized third party between September 5 and September 11, 2024. The review of the accounts confirmed that staff and resident data had been exposed and potentially copied.

The accounts were reviewed and found to contain a wide range of personal information of staff members and residents. The information exposed in the incident varied from individual to individual and may have included names in combination with one or more of the following data elements: address, birth date, Social Security number, driver’s license number/state ID number, passport number, USCIS/alien registration number, U.S. military identification number, account username/ password, financial account number and access information, payment card access information, Medicaid/Medicare number, health insurance information, health record number, patient account number, provider name/location, clinical information, medical treatment or procedure information, mental or physical diagnosis information, prescription information, and/or biometric information.

Life Care Services facilities known to have been affected include:

  • Freedom Plaza Senior Living in Sun City Center, Florida – 4,847 affected individuals
  • Freedom Square of Seminole, Florida – 3,473 affected individuals
  • Regency Oaks in Clearwater, Florida – 2,008 affected individuals
  • Galleria Woods in Hoover, Alabama – unknown

It is currently unclear how many individuals have been affected by the data breach. Notification letters started to be mailed to the affected individuals on July 11, 2025, and complimentary credit monitoring and identity theft protection services have been made available. Additional security measures have been implemented, and data security policies and procedures are being reviewed.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Southern Connecticut Vascular Center

Shelton, CT-based Southern Connecticut Vascular Center, has announced a cybersecurity incident first identified on May 7, 2025. The incident impacted its IT systems, although further information about the cause of the incident was not disclosed, other than that law enforcement was notified about the incident.

The forensic investigation confirmed that patient data was exposed, including names, addresses, treatment information, and health insurance information. No misuse of the exposed information has been identified, although the affected individuals have been advised to monitor their accounts and explanation of benefit statements and notify the appropriate entities if any suspicious activity is identified. The incident is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is unclear how many individuals have been affected.

Frank D. Lanterman Regional Center

Frank D. Lanterman Regional Center, a Los Angeles, CA-based social services organization, recently reported an email data breach to the HHS’ Office for Civil Rights that potentially involved unauthorized access to the protected health information of 19,000 individuals. Lanterman explained in its breach notification letters that the investigation confirmed that unauthorized individuals accessed certain email accounts between August 2024 and December 2024. The preliminary review was completed on June 16, 2025, when Lanterman first discovered that protected health information may have been compromised. Lanterman then had to verify contact information for the affected individuals, and notification letters were mailed on July 18, 2025.

The exposed data included names, dates of birth, Social Security numbers, government-issued ID numbers, medical and treatment records, health insurance information, and financial and billing information. Since the breach, Lanterman has taken steps to improve the cybersecurity of its email environment and has provided additional training to the workforce. The affected individuals have been offered complimentary credit monitoring and identity theft protection services for 12 months.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist