Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker.
AspenPointe Inc., a mental health and substance abuse provider, was targeted by a healthcare hack. The healthcare hack, which allowed unauthorized access to their network, compromised the protected health information of 295,617 patients.
AspenPointe Healthcare Hack
AspenPointe discovered in late September that they had been hacked, allowing unauthorized parties to access their network. The healthcare hack forced AspenPointe to close its operations for several days while attempting to regain control of its systems. In November, an investigation into the hack concluded, determining that the unauthorized party had access to AspenPointe’s network from September 12 to September 22. Through the attack, the unauthorized party was able to exfiltrate both patients protected health information (PHI) and employee data.
The PHI compromised by the incident varied by the patient, however, all of the patients affected by the incident had their full names exposed. Other PHI exposures included dates of birth, Social Security numbers, Medicaid ID numbers, dates of the last visit, admission dates, discharge dates, and/or diagnosis codes. Employee’s full names were also accessed, as well as their dates of birth, Social Security numbers, driver’s license numbers, and/or bank account information. AspenPointe is offering affected individuals one year of complimentary credit monitoring services, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery in response to the incident. They have also increased their security practices by forcing password changes, implementing additional endpoint protection, increasing monitoring, and implementing firewall changes.
AspenPoint made a statement addressing the healthcare hack “Please accept our apologies that this incident occurred. We are committed to maintaining personal information privacy in our possession and have taken precautions to safeguard it. We continually evaluate and modify our practices and internal controls to enhance the security and privacy of your personal information.”
HIPAA Resources
Need assistance with HIPAA compliance? Compliancy Group can help! They help you achieve HIPAA compliance, with Compliance Coaches® guiding you through the entire process. Find out more about the HIPAA Seal of Compliance® and Compliancy Group. Get HIPAA compliant today!
HIPAA Compliant Cybersecurity for Professionals
Must-know information about how to protect your telehealth practice from a ransomware attack. Operate w/ EYES WIDE OPEN.
Disclaimer: Telehealth.org offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to Telehealth.org Privacy Policy and Terms and Conditions.
What are your thoughts about this article? Please comment below.
Exciting for mental health professionals