Cyberattacks on nursing homes: How to protect your loved ones
Taking care of your loved ones comes in many forms: cooking a warm meal after a long day, lending a listening ear when life gets tough, sending a check-in text just because or making sure they receive the right support at a nursing home. But as recent events have shown, care shouldn't stop there.
Physical and mental well-being are essential, but protecting finances and personal information is just as important.
I'll walk you through some steps you can take and some services worth considering to stay one step ahead of cybercriminals.
Scammers and fraudsters often have no moral compass, and they increasingly target the most vulnerable, especially nursing homes and the personal data of their residents.
Take the case of Hillcrest Nursing Home, the victim of a cyberattack that led to a data breach affecting more than 100,000 people. Names, birth dates, Social Security numbers, patient records, treatment information, insurance details and provider data — all leaked in a single incident.
The good news? There are things you can do to help safeguard your loved ones' financial and personal data in the event of a similar breach.
In the first few months of 2025 alone, more than half a dozen nursing homes have reported some form of cyberattack. Experts say elderly patients are being targeted because they're simply easier marks, from limited digital literacy to a lower likelihood of regularly monitoring their financial or medical accounts.
Add to that the often outdated and vulnerable IT infrastructure of nursing homes, and you've got a prime target. As a security advisor from Optiv, a cybersecurity solutions company, explains, these centers typically operate on tight budgets, which means cybersecurity isn't always a top priority — or even feasible at the level it should be.
Cybercriminals are becoming increasingly sophisticated, but, with the right precautions, you can protect your loved ones from falling victim to these threats. Here's a guide to six essential actions you can take to safeguard their personal and financial information.
Data breaches usually happen for one reason — financial gain. This often involves selling stolen information to scammers or hackers who use it for fraudulent activities, such as running credit fraud schemes. Since many forms of identity theft revolve around credit accounts, it's crucial to take action if your or a loved one's personal data has been exposed.
One of the most effective ways to prevent credit fraud is by placing a security freeze on your credit accounts. A security freeze stops anyone from opening new accounts, issuing new cards or conducting any credit-related activities in your name while the freeze is in place.
If managing this process feels overwhelming, consider using an identity theft protection service. These services can handle placing and managing security freezes on your behalf, saving you time and ensuring the process is done correctly. Many of these services also offer additional features, such as credit monitoring and alerts, to help you stay on top of potential threats to your personal information. Taking this step can significantly reduce the risk of identity theft and provide peace of mind that your financial information is secure.
Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.
A fraud alert is an extra layer of protection for your credit accounts. Like a credit freeze, you can set it up with all three credit bureaus.
When you activate a fraud alert, it notifies the bureaus that there may be suspicious activity on your account. As a result, any attempts to open new credit or make changes will be looked at more carefully.
Equifax: You can place a fraud alert online or by calling their customer support at (888) 298-0045.
Experian: Place a fraud alert online or contact their customer service at (888) 397-3742.
TransUnion: You can place a fraud alert online or call them at (800) 916-8800.
Now that your credit accounts are secured, there's one more step worth taking, a broader layer of protection. I'm talking about personal data removal services. These companies specialize in removing your personal information from the internet. With how easy it is for someone to find details like your name, address, contact info, relatives and more, you and your loved ones are at greater risk for scams and identity theft.
This is especially true for older adults, who are often seen as easier targets by scammers. Even just for peace of mind, it's worth taking this extra step. There are plenty of services out there that tackle this issue. Check out my top picks for data removal services here.
Install strong antivirus software to further safeguard your loved ones' devices and personal information. Strong antivirus programs help block malware, spyware and phishing attempts that can lead to identity theft.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
Encourage your loved ones to regularly review their bank and credit card statements for any suspicious transactions or do it for them. Early detection can help prevent significant financial loss.
Many elderly people fall victim to scams due to limited digital literacy. Providing basic cybersecurity education, such as recognizing phishing emails, avoiding suspicious links and using strong passwords, can significantly reduce their risk of being targeted. Consider using a password manager to generate and store complex passwords. Get more details about my best expert-reviewed Password Managers of 2025 here.
Remember that protecting your loved ones from cyber threats and identity theft is an ongoing process. It's not just about taking a few steps and forgetting about it. It's about continually updating your strategies as new threats emerge. By combining these measures, like freezing credit accounts, using fraud alerts, removing personal data from the internet, installing strong antivirus software, regularly reviewing financial statements and educating them on internet safety, you can significantly reduce the risk of identity theft and provide peace of mind for both you and your loved ones.
Have you or a loved one ever been a victim of a cyberattack or identity theft? How did you handle it? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Follow Kurt on his social channels
Answers to the most asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
6 hours ago
- Yahoo
Millcreek man says over $1000 was stolen from EBT account
David Cannavino is just one of the countless people here in Erie who depend on his EBT card to buy food and other necessities. He said he had over $1,000 in his account, but when he checked it again on Thursday, he was left with only $1.05. 'I just… I'm still dumbfounded about it,' said Cannavino, a Millcreek resident. Cannavino's account showed his card was charged twice to a bodega he's never heard of in Chicago. Credit card skimming scams: What they are, and how to avoid being a victim He said he doesn't use a credit card machine without checking for skimmers first and always shops at the same places, and he believes his account was hacked. 'It's going to be nuts until the card gets loaded again because I'm retired, I'm on social security and that's all I get, so it impacts me hard,' said Cannavino. After he learned that his EBT account was empty, he came to the Erie County Assistance Office on Holland Street, but he didn't get very far. 'I let them know about it, I gave them my card, and then they said, 'Okay, well…' They sent me in to talk to some guy and the guy says, 'There's nothing we can do about it. Our hands are tied.' So, you know, what am I going to do now?' said Cannavino. SNAP funds stolen from 17 Pennsylvanians, over $8,000 lost Cannavino said he spoke to other recipients at the assistance office who said their money disappeared, too. An official at the assistance office told JET24/FOX66 that they couldn't answer our questions but referred us to another official in Harrisburg. That official told us that he hadn't heard about the problem but assured his office is working to get to the bottom of it. However, that's not going to help Cannavino and the other recipients who now don't have money to buy food. New lock safety feature could help SNAP benefit recipients avoid theft 'Due to the end of congressional authorization in December 2024, benefits stolen via card skimming, fraud or other electronic theft after December 20, 2024, cannot be reissued,' said Val Arkoosh, PA Department of Human Services Secretary. According to the US Food and Nutrition Service, the 2025 American Relief Act did not extend the authority to replace stolen SNAP benefits. However, the Department of Human Services has already launched a program to help people lock their EBT cards, and you can find more information . Copyright 2025 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Yahoo
7 hours ago
- Yahoo
The Fake Job Offer That Could Cost You Everything
Think you'd never fall for a fake job offer? Think again. The fastest-growing scam in America right now isn't about Nigerian princes or shady crypto—it's texts offering high-paying jobs for easy tasks. And as the job market tightens, younger job seekers are falling hard. Business Insider reported that according to the Federal Trade Commission, Americans lost nearly $470 million to scam texts in 2024. While fake delivery notices topped the list, job offer scams were number two. These messages often impersonate companies like Temu, Amazon, or Target and promise thousands in exchange for simple tasks like rating products or boosting apps. What makes these scams particularly dangerous is how realistic they seem. Many victims are asked to share personal information, Social Security numbers, IDs, even bank details, under the guise of onboarding. The twist? Some are even told to purchase office equipment with fake checks and send back the 'overpayment,' only to discover the checks bounce after their money is long gone. The FTC's Kati Daffan says reported losses to job scams have tripled since 2020. Proofpoint's Selena Larson notes these scams thrive on emotional manipulation—excitement, urgency, and the fear of missing out on a rare opportunity. And Gen Z is especially vulnerable. Between remote work expectations, a harsh job market, and a culture that handles everything by text, many don't think twice about engaging with a recruiter over a messaging app. As one expert put it, younger users 'just click, click, click.' The rise of AI has made it even easier for scammers to craft realistic, mistake-free messages. Combine that with financial anxiety and a lack of coordinated enforcement, and you've got a scammer's dream scenario. The best defense? Slow down. Research the offer. If a job pays in crypto, conducts interviews via text, or asks for money upfront—it's likely a scam. Real employers don't operate like Fake Job Offer That Could Cost You Everything first appeared on Men's Journal on Jun 5, 2025
Yahoo
11 hours ago
- Yahoo
Scranton-based treatment center faces eight lawsuits over data breach
A Scranton-based nonprofit addiction treatment organization faces eight class-action lawsuits regarding a data breach involving health and personal identification records of over 22,000 former and current patients. The separate, but similar, lawsuits filed from May 14 to May 23 in Lackawanna County Court each name as the defendant Drug and Alcohol Treatment Service of 441 Wyoming Ave. Claiming the agency negligently failed to safeguard its information technology network, the lawsuits are all potential class actions filed by prospective lead plaintiffs on behalf of themselves and all others similarly situated. The lawsuits seek court certification of the class and unspecified damages, fees, costs and interest. Certification, if approved, would be a key step in favor of the plaintiffs. Whether or how the court might consolidate the cases also remains to be seen. Efforts to reach the nonprofit company were unsuccessful. A 'Notification of Data Security Incident,' posted on the website of the organization, says it 'became aware of unauthorized activity' on its network around Oct. 6 and took immediate action to secure it and have outside specialists investigate. By April 15, the analysis determined that a limited amount of information may have been accessed between Oct. 5-6, and 'the potentially affected information included patient names, addresses, dates of birth, Social Security numbers, health insurance information, patient account numbers, medication information, diagnosis and treatment information, doctor names, and medical claims and billing information,' according to the notice. It added that DATS also implemented additional network security measures and reviewed its data protection policies and procedures. 'Although we have no evidence of misuse of information as a result of this incident, we encourage potentially impacted individuals to enroll in complimentary credit monitoring and identity protection services we are making available,' the notice said. One lawsuit described the treatment center's corrective actions as 'too little, too late,' because the victims of stolen data lost time in detecting and preventing identity theft and face an increased risk of it. The company notified a governmental agency about the data breach on April 24, listing 22,215 victims, but waited until May 2 to issue a public notice and begin sending out letters to those affected by the incident, according to one of the lawsuits. Some of the other claims in the lawsuits include: • The cybercriminals appear to be a notorious ransomware group, 'Interlock,' which claimed credit for the breach and transfer of at least 133 gigabytes of data. If the data has not already been published on the dark web, it likely would happen soon. • The breach was preventable through various ways, including encryption, training, spam filters, firewalls, anti-virus and malware programs, to name a few. The agency should have known it was at risk because cyber attacks targeting health care entities have become widespread. • Plaintiffs already have spent considerable time reviewing bank accounts, monitoring credit and changing passwords and have suffered fear, anxiety and stress. Victims now face years of constant monitoring of their financial and personal records. Fraudulent activity might not come to light for years, and there could be a time lag in detecting it. • The center failed to adhere to federal guidelines and industry standards and violated health information protection rules. • Some of the other counts include: breaches of implied contract, confidence and fiduciary duty; unjust enrichment; and invasion of privacy. Seven lawsuits each had one individual lead plaintiff, while the other one had two plaintiffs filing jointly. The suits listed six plaintiffs as former patients, but did not specify the other three. The dates of filings, number of prospective lead plaintiffs and law firms representing them include: May 14: One plaintiff represented by the Shub Johns & Holbrook law firm of Conshohocken and the Milberg Coleman Bryson Phillips Grossman firm of Washington, D.C. May 15: One plaintiff represented by the Kopelowitz Ostrow law firm of Fort Lauderdale, Florida, and the Shamis & Gentile law firm of Miami. May 21: One plaintiff represented by the Saltz Mongeluzzi Bendesky law firm of Philadelphia and the Strauss Borelli firm of Chicago. May 21: One plaintiff represented by Saltz Mongeluzzi Bendesky and the Finkelstein, Blankinship, Frei-Pearson & Garber firm of White Plains, New York. May 21: One plaintiff represented by the Kopelowitz Ostrow law firm. May 21: One plaintiff represented by the Adhoot & Wolfson law firm of Radnor and the Siri & Glimstad firm of New York City. May 23: One plaintiff represented by the Shub Johns & Holbrook law firm of Conshohocken and the Clayeo Arnold firm of Sacramento, California. May 23: Two plaintiffs filing jointly represented by the Kimmel & Silverman firm of Ambler and the EKSM firm of Houston. According to the DATS website: the private, nonprofit 501(c)3 corporation was established in 1977 to provide outpatient treatment to residents of Lackawanna County suffering from drug and alcohol abuse; it grew over the years to become the state-designated provider for drug and alcohol counseling covering all of Lackawanna County and one of the largest outpatient service providers in the state; its roster has grown to 30 clinical staff members with an average monthly caseload of 700 patients; licensed by the state, the center is a provider for the Lackawanna-Susquehanna Office of Drug and Alcohol Programs. One of the lawsuits described the prospective class as 'nationwide.'
