A pending class-action lawsuit in Ohio demonstrates the increased vulnerability of nursing homes targeted by hackers seeking valuable patient and employee data.
A former employee of Atrium Centers is asking a federal judge to certify a multistate lawsuit over the skilled nursing provider’s “failures” to secure, encrypt or destroy sensitive and protected information.
Plaintiff Shannon Shawanokasic of Wisconsin claims her data was among the information stolen in an October attack, and that she is now spending hours a day monitoring her personal accounts and sorting through spam sent to the phone and email contacts she had on file with Atrium. She is seeking damages and restitution for herself and others caught up in the breach, as well as a court order forcing Atrium to adopt stronger cybersecurity defenses.
Atrium is headquartered in Ohio and also has facilities in Kentucky, Michigan and Wisconsin. The lawsuit alleges the provider should have done more given that data breaches are “rampant” in healthcare.
“Data breaches such as the one experienced by Defendant Atrium have become so notorious that the Federal Bureau of Investigation and U.S. Secret Service have issued a warning to potential targets so they are aware of, can prepare for, and hopefully can ward off a potential attack,” said the lawsuit, filed Tuesday in the US District Court for Southern Ohio. “The significant increase in attacks in the healthcare industry, and attendant risk of future attacks, is widely know
Source: https://www.mcknights.com/news/former-nursing-home-employee-seeks-class-action-in-data-breach/
Atrium Centers TPRM report: https://www.rankiteo.com/company/atrium-centers
"id": "atr1765174764",
"linkid": "atrium-centers",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Patients and employees, '
'including plaintiff Shannon '
'Shawanokasic',
'industry': 'Healthcare',
'location': 'Ohio (HQ), Kentucky, Michigan, Wisconsin',
'name': 'Atrium Centers',
'type': 'Skilled Nursing Provider'}],
'data_breach': {'data_encryption': 'Not implemented (alleged failure to '
'encrypt)',
'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personally identifiable '
'information, protected health '
'information)',
'type_of_data_compromised': 'Sensitive and protected '
'information, personal and '
'employee data'},
'date_detected': '2023-10',
'description': 'A former employee of Atrium Centers filed a multistate '
'class-action lawsuit alleging failures to secure, encrypt, or '
'destroy sensitive and protected information, leading to a '
'data breach in October. The plaintiff claims her data was '
'stolen, resulting in increased spam and the need for personal '
'account monitoring. The lawsuit seeks damages, restitution, '
'and stronger cybersecurity defenses for Atrium.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'lawsuit and breach',
'data_compromised': 'Sensitive and protected information, '
'including personal and employee data',
'identity_theft_risk': 'High',
'legal_liabilities': 'Pending class-action lawsuit'},
'investigation_status': 'Ongoing (lawsuit pending)',
'motivation': 'Data Theft',
'post_incident_analysis': {'root_causes': 'Alleged failure to secure, '
'encrypt, or destroy sensitive '
'data'},
'recommendations': 'Adopt stronger cybersecurity defenses, including '
'encryption and secure data destruction practices',
'references': [{'source': 'US District Court for Southern Ohio (Lawsuit '
'Filing)'}],
'regulatory_compliance': {'legal_actions': 'Pending class-action lawsuit',
'regulations_violated': 'Potential HIPAA '
'violations'},
'title': 'Atrium Centers Data Breach Lawsuit',
'type': 'Data Breach'}