Notice of Data Breach

September 27, 2021

Notice of Data Breach at Lakewood Retirement Community

Henrico, Virginia –Today, Lakewood Retirement Community notified residents and family members of a security breach that was discovered on its system on July 29, 2021. Impacted individuals should receive a letter from Lakewood.

On or about July 26, a hacker gained access to a team member’s email account, apparently through a “phishing” email inadvertently opened by the team member. Once aware of the hack, Lakewood immediately secured all information associated with the account, reviewed its electronic security throughout the system, and engaged third party experts to conduct a detailed forensic audit to determine whose information may have been affected and what types of information, including protected health information, were accessible during this breach.

The forensic audit determined that 1205 individuals’ protected health information was potentially accessed by the hacker. Such information may include residents first and last name, date of birth, residential unit or room number, home address, phone number, reason for admission, or some other health related information that could identify a physical or mental health condition or care received at Lakewood. 1009 of the affected individuals were current or former residents of Lakewood or Lakewood team members. Email attachments for 268 individuals had their social security numbers available. Email attachments for six individuals had driver’s license numbers listed. The email files did not appear to have any credit card information.

After the investigation was completed, Lakewood prepared and sent notice letters within two weeks of identifying the individuals potentially impacted by the hack. The compromised files included 33,000 emails and 12,692 attachments. The files included PDFs, image files, WORD documents, and Excel files. The forensic investigation consisted of examining 33,000 emails to identify the affected individuals. Lakewood has reported the hack as a computer crime to the Attorney General of Virginia. Lakewood also reported the incident to the FBI’s Internet Crime Complaint Center.

“We are deeply saddened and frustrated by this incident. We apologize to our residents and family members for any concern this may create, and we will do everything we can to remedy the situation and help them through necessary steps to ensure their data is secure.” said Lakewood Executive Director, Heather Crumbaugh.

To provide more peace of mind, Lakewood is offering identity theft protection services through IDX, the data breach and recovery services expert. IDX identity protection services include: 12 months credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed ID theft recovery services. With this protection, IDX will help you resolve issues if your identity is compromised.

If you feel your data was affected, we encourage you to contact IDX with any questions and to enroll in free identity protection services by calling 1-833-903-3648 or going to https://app.idx.us/account-creation/protect and using the Enrollment Code provided in the letter affected individuals should have received. IDX representatives are available Monday through Friday from 6 am – 6 pm Pacific Time.

Lakewood’s IT systems are currently open, and operations are fully restored. Lakewood will continue to provide updates on its website as more information is available. Affected individuals are encouraged to check Lakewood’s website for future updates about the data breach.

Lakewood Retirement Community takes its residents’ privacy and the security of their information very seriously and is deeply sorry for any inconvenience this incident may have caused. Affected individuals can contact Lakewood’s Executive Director, Heather Crumbaugh, at (804)-729-5563, hcrumbaugh@lakewoodwestend.org, or 1900 Lauderdale Drive, Richmond VA, 23238. Website: https://www.lakewoodwestend.org/