Elmcroft Senior Living suffers data breach, patient PII exposed

An unauthorized third party potentially accessed names, dates of birth and, in some cases, Social Security numbers and personal health information, Elmcroft said The personal information of Elmcroft Senior Living residents and their family members, employees and others could have been stolen in a data breach that occurred in mid-May, the Louisville, KY-based company said late Friday in a press release. The properties continue to be operated under the Elmcroft Senior Living name, but by Portland, OR-based Eclipse Senior Living, also referred to as ESL. The company known as Elmcroft Senior Living is now in “wind-down” mode, Zach Olsen of Infinite Global Consulting, speaking on behalf of Elmcroft, told McKnight's Senior Living. Elmcroft said it believes the data security incident started May 10 and said the company became aware of it on May 12, at which time it terminated the third party's access. On June 11, however, he said that the breach was unrelated to Eclipse Senior Living's copying of Elmcroft data to allow it to continue managing the Elmcroft portfolio without interruption.