Two elderly care institutions in the US, Windward Life Care in California and Legend Senior Care in Kansas, suffered crippling ransomware attacks in 2025 that led to the loss of sensitive data to hackers.
Windward Life Care, established in 2004 to provide premier home-based care services to older and disabled adults in San Diego, California, suffered a major ransomware attack on December 8, 2025, that compromised personal and protected health information of its customers.
The elder care institution announced the cyber attack in letters addressed to affected customers on April 10, stating that malicious actors breached its systems on December 8 and exfiltrated vast amounts of customer data even though the access had been terminated on the same day.
The compromised information included patients’ names, addresses, email addresses, Social Security numbers, driver’s license numbers, taxpayer identification numbers, passport information, patient identification numbers, financial account numbers, debit/credit card numbers, handwriting or electronic signatures, medical information, health insurance information, usernames and other account-related information.
x.com/DarkWebInformer/status/2008213411612557404
In January, a ransomware actor known as Sinobi announced Windward Life Care as a victim on its dark web site. The threat actor claimed that they exfiltrated 25 GB of information from the institution’s systems and encrypted stored data to demand a ransom payment. According to HIPAA Journal, Sinobi later published the stolen information online, possibly because a ransom wasn’t paid.
In July 2025, the Worldleaks threat group also targeted Legend Senior Living, LLC, a senior living community in Wichita, Kansas, and exfiltrated vast amounts of personal and healthcare information of patients.
The senior living community informed the office of the Attorney General of Maine that the security incident occurred on July 27, 2025, and resulted in the loss of data related to thousands of customers. The incident was discovered on March 12, 2026, upon which the company launched a comprehensive investigation with help from cyber security expert to determine the nature and scope of the incident.
The investigation determined that the cyber security incident compromised names and protected personal information of thousands of individuals, including 5,006 individuals residing in the state of Texas. The company began notifying affected individuals on April 10 and is providing them with 12 months of complimentary credit monitoring and identity theft protection services through TransUnion.
According to DeXpose, the WorldLeaks ransomware group announced the targeting of Legend Senior Living on September 18, 2025, stating that it had seized critical data from the institution and would release the entire stolen dataset online if a ransom isn’t paid.
Click Here For The Original Source.
