Senior Care Urged to Adopt Six‑Step Cyber Breach Plan
Cyber breaches in senior care up 40% in 2026; six‑step plan and SOC 2 Type II advised to reduce ransomware and phishing risk.

TL;DR
Cyber attacks on senior care grew 40% in 2026, averaging 1,968 incidents weekly. Experts urge a six‑step breach response plan and SOC 2 Type II audits to protect resident data.
Context
Senior living communities store extensive health, financial, and personal records, making them attractive targets. Threat actors frequently use phishing emails to harvest credentials, then deploy ransomware that encrypts files and threatens data leakage. The increase in attacks reflects broader trends: global breaches rose 40% year‑over‑year, with weekly incidents climbing from 1,666 in 2025 to 1,968 in 2026.
Key Facts
Tara Clayton, managing director at Marsh, notes that ransomware and phishing are the primary risks for senior living organizations. Aaron Puckett, vice president of Managed Services Group, stresses that limited downtime tolerance gives attackers leverage, which is why many communities pursue SOC 2 Type II validation. This audit confirms that security controls and incident response processes operate effectively over time, not just on paper.
What It Means
Adopting a six‑step plan helps organizations prepare before an incident occurs. The steps are: establishing a clear breach response plan with defined roles; preparing response actions such as triage and containment; planning family communication with honest, timely updates; aligning with business continuity and disaster recovery; involving executive leadership and operations; and regularly testing the plan.

Technical mitigations involve patching internet‑facing services (e.g., applying fixes for CVE‑2022‑22965 on Spring Cloud), disabling unnecessary RDP exposure, enforcing multi‑factor authentication, and monitoring for MITRE ATT&CK techniques T1566.001 (spearphishing attachment) and T1486 (ransomware). Detection signatures should flag suspicious PowerShell execution (T1059.001) and unusual outbound traffic to known command‑and‑control domains.
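As an added illustration of the two detection signals named above (not code from the article or from any vendor it quotes), the following Python pass flags suspicious PowerShell invocations (T1059.001) and outbound connections to denylisted command‑and‑control domains in a small set of constructed key=value log lines. The log format, the denylist, and the PowerShell switch patterns are all assumptions chosen for the example.

```python
import re

# Constructed denylist standing in for a threat-intel feed of C2 domains.
KNOWN_C2_DOMAINS = {"updates-cdn.example", "telemetry-sync.invalid"}

# Switches and cradles that commonly accompany malicious PowerShell use:
# encoded command bodies, hidden windows, policy bypass, in-memory download.
SUSPICIOUS_PS = re.compile(
    r"-e(nc|ncodedcommand)?\s|-w(indowstyle)?\s+hidden|-nop\b|"
    r"-ex(ecutionpolicy)?\s+bypass|downloadstring|\biex\b|invoke-expression",
    re.IGNORECASE,
)

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"


def parse(line):
    """Turn one constructed key=value log line into a dict (quotes stripped)."""
    return {k: v.strip('"') for k, v in KV.findall(line)}


def is_c2_destination(dest, denylist=KNOWN_C2_DOMAINS):
    """True when the host part of host:port is a denylisted domain or one of its subdomains."""
    host = dest.rsplit(":", 1)[0].lower()
    return any(host == d or host.endswith("." + d) for d in denylist)


def detect(lines):
    """Return one alert per matching line, tagged T1059.001 (PowerShell) or c2-domain."""
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev.get("event") == "process":
            cmd = ev.get("cmd", "")
            if "powershell" in cmd.lower() and SUSPICIOUS_PS.search(cmd):
                alerts.append({"tag": "T1059.001", "host": ev.get("host"), "detail": cmd})
        elif ev.get("event") == "netconn" and is_c2_destination(ev.get("dest", "")):
            alerts.append({"tag": "c2-domain", "host": ev.get("host"), "detail": ev["dest"]})
    return alerts


# Constructed sample log: two lines that should alert, two that should not.
SAMPLE_LOG = [
    '2026-03-04T10:15:02Z host=ws-nurse12 event=process user=jdoe '
    'cmd="powershell.exe -nop -w hidden -enc ZABlAG0AbwA="',
    '2026-03-04T10:15:03Z host=ws-nurse12 event=netconn user=jdoe dest=cdn.updates-cdn.example:443',
    '2026-03-04T10:16:40Z host=ws-admin01 event=process user=svc_backup '
    'cmd="powershell.exe -File C:\\Scripts\\nightly-backup.ps1"',
    '2026-03-04T10:17:01Z host=ws-admin01 event=netconn user=svc_backup dest=backup.internal.example:8443',
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f'[{alert["tag"]}] {alert["host"]}: {alert["detail"]}')
```

In a real deployment the denylist would come from a threat‑intelligence feed and the process and network events from the endpoint and firewall telemetry the community already collects; the scheduled backup script shows why a detection should key on suspicious switches rather than on PowerShell alone.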
Watch for updates to sector‑specific guidance from HHS and CISA, as well as any new ransomware variants targeting healthcare‑adjacent networks.