ProMedica

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Acts Retirement Services Data Breach

Acts Retirement Services, Inc., and its affiliated companies experienced a significant data breach in April 2022. The breach involved unauthorized access to the network on April 29, 2022, potentially compromising sensitive personal information of over 18,200 employees. The information exposed includes names, Social Security numbers, financial account information, and routing numbers[1].

Acts Retirement Services is a not-for-profit Pennsylvania corporation that operates ACTS Retirement-Life Communities, Inc., which provides residential, assisted living, and skilled care services to seniors. With 26 locations, it is the third-largest not-for-profit owner, operator, and developer of continuing care retirement communities in the United States[1].

Following the breach, Acts Retirement Services began notifying individuals whose information may have been impacted and offered free credit monitoring services. A class action lawsuit was filed against the company, alleging inadequate security systems and exposing victims to a heightened risk of identity theft and fraud[3].

In January 2023, Acts Retirement Services agreed to settle the proposed class action lawsuit. The settlement, which received preliminary approval from U.S. District Judge Gene E.K. Pratter, includes up to $350 for out-of-pocket losses for class members, two years of credit monitoring and identity theft protection, and the implementation of more robust cybersecurity measures by Acts[3].

The total number of affected individuals was reported to be 21,000, including both employees and residents. The proposed settlement is expected to cost Acts Retirement Services $1 million[6]. A final approval hearing for the settlement is scheduled for July 2, 2024[3].

Acts Retirement Services has also committed to implementing additional safeguards and enhancements to further strengthen their systems with the assistance of external cybersecurity specialists[6].

Citations:

  1. https://www.turkestrauss.com/2022/06/28/acts-retirement-breach-investigation/
  2. https://www.prnewswire.com/news-releases/mease-life-affiliates-with-acts-retirement-life-communities-301944614.html
  3. https://www.classaction.org/news/acts-retirement-services-hit-with-class-action-following-april-may-2022-data-breach
  4. https://news.bloombergtax.com/tax-insights-and-commentary/secure-acts-require-prompt-action-from-retirement-plan-sponsors
  5. https://news.bloomberglaw.com/litigation/acts-retirement-to-pay-over-1-million-to-settle-breach-suit
  6. https://www.mcknightsseniorliving.com/home/news/data-breach-could-affect-21000-cost-senior-living-operator-1-million/
  7. https://news.bloomberglaw.com/privacy-and-data-security/acts-retirement-sued-over-data-breach-of-employee-personal-info
  8. https://skillednursingnews.com/2023/09/these-10-largest-nonprofit-nursing-home-providers-own-30-of-facilities-nationwide/
  9. https://apps.web.maine.gov/online/aeviewer/ME/40/f3631267-0885-4bdd-9949-773e1093686f.shtml
  10. https://www.mcknightsseniorliving.com/home/news/senior-living-a-growth-area-for-leadingage-ziegler-200-not-for-profit-providers/
  11. https://www.actsretirementdatasettlement.com/faqs
  12. https://skillednursingnews.com/2023/06/chatgpt-and-beyond-how-artificial-intelligence-is-shaping-the-future-of-nursing-home-operations/
  13. https://www.mass.gov/doc/assigned-data-breach-number-26817-acts-retirement-services-inc-and-affiliates-0/download
  14. https://www.usnews.com/info/blogs/press-room/articles/2023-05-04/u-s-news-reveals-2023-2024-best-senior-living-ratings
  15. https://www.law360.com/healthcare-authority/digital-health-technology/articles/1781970/acts-retirement-data-breach-suit-settlement-gets-initial-ok
  16. https://www.prnewswire.com/news-releases/acts-retirement-life-communities-to-celebrate-50th-anniversary-of-senior-living-leadership-301564197.html
Breach Submission Date Jul 19, 2022
Converted Entity Name ProMedica
Converted Entity Type Healthcare Provider
State OH
Individuals Affected 1,178
Breach Type Unauthorized Access/Disclosure

Breach Information Location Email

Business Associate Present Yes