PointClickCare reports data breach, exposing residents of long-term care facilities

PointClickCare, a major Canadian healthcare software company, is reporting a data breach affecting multiple long-term care facilities and their patients. The company provides third-party management services to a wide range of healthcare facilities including skilled nursing facilities, senior living facilities, hospitals, and health plans.

The incident was discovered on July 20, 2024 and involved unauthorized activity within the company's Electronic Health Records (EHR) platform. The breach impacted at least two long-term care facilities, Citadel of Northbrook and Pavilion of Bridgeview, both owned by Omnia Healthcare Group.

According to the investigation, an unauthorized actor gained access to the EHR platform using compromised credentials, allowing them to view and acquire sensitive patient information. The exposed data includes:

• names,
• dates of birth,
• Social Security numbers,
• Medicare/Medicaid identification numbers,
• medical information,
• health insurance information.

The number of affected individuals is not disclosed. The breach remains under investigation, with more facilities potentially affected beyond the two that have already reported.