Kisco Senior Living, LLC is sending out data breach notifications to 26,663 people following a cyber attack over 10 months ago in June 2023. Ransomware group, BlackByte, claimed an attack on the organization at the time.
In its data breach letter, Kisco describes how it suffered a network disruption on June 6, 2023. It took steps to secure its systems and hired cybersecurity experts to conduct an investigation. This consequently found that “certain files may have been acquired without authorization.” On April 10, 2024–10 months after the attack–the investigation concluded.
According to the notification, names and Social Security Numbers are among the data affected. We recommend those affected take up the free identity theft protection services via IDX that Kisco is providing. Monitoring accounts and credit reports for any unauthorized activity is also highly recommended–as is looking back through historical records over the past 10 months due to the delay in reporting.
In its proof pack, BlackByte included screenshots of the alleged stolen data, which included various company documents.
Ransomware attacks on US senior living facilities
In our recent study on ransomware attacks on US healthcare organizations, we found that 27 home/senior care facilities have been impacted by ransomware attacks from 2018 to October 2023. 1.7 million records were impacted as a result.
Some of the biggest attacks, based on records affected, include:
- Personal Touch Holding Corp. – hit in January 2021, this affected 753,107 people. No ransomware gangs claimed responsibility.
- Avamere Health Services, LLC – targeted in January 2022 by AvosLocker, this attack led to the breach of 380,984 records.
- Home Care Providers of Texas (DPP II, LLC) – 127,574 affected following a ransomware attack from an unknown group.
Based on its current figures of 26,663, this attack on Kisco Senior Living makes it the tenth-biggest.
Who is BlackByte?
First appearing in mid-2021, BlackByte is a Ransomware-as-a-Service (RaaS) malware. The group behind it also tend to follow the ever-growing double-extortion tactic whereby systems are encrypted and data is stolen. Ransoms are demanded in order to release the two.
According to our data, BlackByte is responsible for 28 confirmed ransomware attacks across the world since its conception. Over the last year, it has also claimed responsibility for 21 attacks which have not yet been confirmed.
Some of its biggest attacks include the ones on Gateway Rehabilitation Center in Pennsylvania (130,000 affected) and Lamoille Health Partners (59,381). The Kisco Senior Living attack is its third-largest based on records affected. Interestingly, all of these attacks are on US healthcare organizations.
On average, BlackByte demands a ransom of $375,000.
About Kisco Senior Living, LLC
Based in Carlsbad, California, Kisco Senior Living has been offering full-service senior living communities for over 30 years. Its communities are located across California, North Carolina, Florida, Utah, Hawaii, and Virginia.