The senior living operator has settled a class action lawsuit. 

What happened

Vi Living, officially known as Classic Resident Management Limited Partnership, experienced a data breach in March 2023. According to the breach notice, Vi Living learned that an unauthorized party had gained access to the corporate office network and data server on March 13th, 2023. In response, Vi Living took the network offline and began an investigation. 

The investigation, which concluded on July 25th, determined that compromised data included names, addresses, dates of birth, Social Security numbers, financial data, and medical data. 

Vi Living offers senior living communities in Florida, Arizona, Colorado, California, Illinois, and South Carolina. In total, the companies runs 10 communities. The breach impacted approximately 61,000 individuals. 

What’s new

After the breach, a complaint was filed alleging that Vi Living was negligent. The suit argued that the breach was preventable with reasonable security measures. 

Vi Living ultimately decided to settle the case. As part of the settlement, the company did not admit to any wrongdoing but agreed to a settlement to avoid litigation costs.

Under the settlement, class members can receive up to $1,500 in reimbursement for “ordinary” losses related to the breach, like bank fees, communication charges, travel expenses, and credit-related costs. Class members can also receive compensation for lost time due to the breach. Individuals who experienced “extraordinary” losses, like fraud or identity theft, may be eligible for up to $5,000 in compensation.

In addition to the pay-outs, Vi Living has agreed to implement information security improvements and is offering class members two years of free identity theft protection and medical data monitoring. 

While the settlement has received preliminary approval, it still has to go through a final approval, which is scheduled in Cook County, Illinois, for February 19th. 

The big picture

Vi Living is far from the only senior living organization to be targeted by threat actors in recent years. California-based Kisco Senior Living and Pensylvania-based Acts Retirement-Life Communities are just two out of multiple attacks.

Organizations like these frequently believe that they are not significant enough to be targeted by attackers, but most cyberattacks are based on opportunity. Considering these senior living communities likely have significant health, financial, and personal information on their clients, it shouldn’t be surprising that they are frequently targeted. 

As Vi Living recovers from the incident, it will likely have a renewed focus on cybersecurity. As with many attacks, the right security measures can make a huge difference in preventing or mitigating an attack. 

Related: HIPAA Compliant Email: The Definitive Guide