25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Malware Causes 5,200-Record Data Breach at DC Assisted Living Facility

Posted By on Jan 26, 2018

A malware infection at Westminster Ingleside King Farm Presbyterian Retirement Communities has potentially enabled the attackers to gain access to the protected health information of thousands of its residents.

The Washington D.C., based assisted living facility had implemented a wide range of security solutions to prevent unauthorized access to its systems, although in this instance they were unable to block the attack.

The malware was discovered on November 21, 2017, with rapid action taken to identify all instances of the malware on its network and remove the malicious code to prevent further access. While the malware was successfully removed, assistance was sought from third party experts to determine how the attackers had managed to bypass its security defenses, and whether access to the protected health information of its residents had been gained.

The investigation into the breach highlighted a number of areas where security could be improved to further protect its systems from attack. Ingleside has now implemented a new firewall, upgraded its antimalware and antivirus software, and has adopted two-factor authentication on user accounts. New user credentials have been issued and strong passwords set. Staff have also received additional training to help them identify unauthorized access.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

While no evidence was uncovered to suggest the protected health information of its residents was accessed, it was not possible to rule out data access and data theft with 100% certainty. Consequently, all affected individuals have been notified about the potential breach and, out of an abundance of caution, residents have been offered credit monitoring and identity theft protection services via Kroll for 12 months without charge.

No financial information was compromised as a result of the malware infection, although names, addresses, Social Security numbers, and other protected health information were potentially compromised.

The breach notice submitted to the Department of Health and Human Services’ Office for Civil Rights indicates up to 5,228 residents were impacted by the security breach.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist