Healthcare Data Breach Targets Mental Health Provider
AspenPointe Inc., a mental health and substance abuse provider, was targeted by a healthcare data breach. The healthcare security breach, which allowed unauthorized access to their network, compromised the protected health information of 295,617 patients.
AspenPointe Healthcare Data Breach
AspenPointe discovered in late September that they had been hacked, allowing an unauthorized party to access their network. The healthcare data breach forced AspenPointe to close their operations for several days while they attempted to regain control of their systems.
In November, an investigation into the security breach concluded, determining that the unauthorized party had access to AspenPointe’s network from September 12 to September 22. Through the attack, the unauthorized party was able to exfiltrate both patient’s protected health information (PHI) and employee’s data. The PHI compromised by the incident varied by the patient, however, all of the patients affected by the incident had their full names exposed. Other exposed PHI included dates of birth, Social Security numbers, Medicaid ID numbers, dates of the last visit, admission dates, discharge dates, and/or diagnosis codes. Employee’s full names were also disclosed, as well as their dates of birth, Social Security numbers, driver’s license numbers, and/or bank account information.
Compensation by AspenPointe
In response to the incident, AspenPointe is offering affected individuals one year of complimentary credit monitoring services, $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery. They have also increased their security practices by forcing password changes, implementing additional endpoint protection, increasing monitoring, and implementing firewall changes.
AspenPoint made a statement addressing the healthcare data breach, “Please accept our apologies that this incident occurred. We are committed to maintaining the privacy of personal information in our possession and have taken precautions to safeguard it. We continually evaluate and modify our practices and internal controls to enhance the security and privacy of your personal information.” Find out more about Healthcare Breaches Rise amid COVID-19.
HIPAA Compliant Cybersecurity: Practical Implementation Tips
Must-know information about how to protect your telehealth practice from a ransomware attack. Operate w/ EYES WIDE OPEN.