Two senior care providers, Windward Life Care in California and Legend Senior Living in Kansas, have disclosed data breaches attributed to ransomware attacks. These incidents have resulted in the exposure of sensitive personal and health information of individuals under their care. Both organizations have begun notifying affected individuals and offering protective services to mitigate potential harm from the breaches.

Windward Life Care, based in San Diego, California, detected suspicious activity on its network on December 8, 2025. A forensic investigation revealed that an unauthorized party accessed the network on the same day, compromising files containing personal and protected health information. The review of these files was completed by April 6, 2026, and notification letters were sent out shortly thereafter. Despite not officially labeling the incident as a ransomware attack, the Sinobi group claimed responsibility, stating they encrypted files and exfiltrated 25 gigabytes of data, which was later leaked when the ransom was not paid.

Legend Senior Living, located in Wichita, Kansas, discovered a data security incident on or around August 15, 2025. Unauthorized access to its systems occurred between July 27 and August 15, 2025, potentially compromising files with personal and health information. The data review was preliminarily completed by March 12, 2026, and notification letters were sent out starting April 10, 2026. The Worldleaks threat group claimed responsibility for this attack and leaked the data after the ransom demand was unmet.

The impact of these breaches is significant, as they involve sensitive data such as Social Security numbers, financial account information, and medical records. The exact number of affected individuals remains unclear, although it is known that 5,006 Texas residents were impacted by the Legend Senior Living breach. Both organizations have offered complimentary credit monitoring and identity theft protection services to those affected.

Affected individuals are advised to remain vigilant for any signs of identity theft or fraudulent activity. They should monitor their financial accounts and credit reports closely and report any suspicious activity immediately. Utilizing the offered credit monitoring services can provide an additional layer of protection during this period.

Source: https://www.hipaajournal.com/two-senior-care-providers-affected-by-ransomware-attacks/