AspenPointe Inc., a mental health and substance abuse provider, was targeted by a healthcare hack. The healthcare hack, which allowed unauthorized access to their network, compromised the protected health information of 295,617 patients.
AspenPointe Healthcare Hack
AspenPointe discovered in late September that they had been hacked, allowing unauthorized parties to access their network. The healthcare hack forced AspenPointe to close its operations for several days while attempting to regain control of its systems. In November, an investigation into the hack concluded, determining that the unauthorized party had access to AspenPointe’s network from September 12 to September 22. Through the attack, the unauthorized party was able to exfiltrate both patients protected health information (PHI) and employee data.
The PHI compromised by the incident varied by the patient, however, all of the patients affected by the incident had their full names exposed. Other PHI exposures included dates of birth, Social Security numbers, Medicaid ID numbers, dates of the last visit, admission dates, discharge dates, and/or diagnosis codes. Employee’s full names were also accessed, as well as their dates of birth, Social Security numbers, driver’s license numbers, and/or bank account information. AspenPointe is offering affected individuals one year of complimentary credit monitoring services, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery in response to the incident. They have also increased their security practices by forcing password changes, implementing additional endpoint protection, increasing monitoring, and implementing firewall changes.
AspenPoint made a statement addressing the healthcare hack “Please accept our apologies that this incident occurred. We are committed to maintaining personal information privacy in our possession and have taken precautions to safeguard it. We continually evaluate and modify our practices and internal controls to enhance the security and privacy of your personal information.”
Need assistance with HIPAA compliance? Compliancy Group can help! They help you achieve HIPAA compliance, with Compliance Coaches® guiding you through the entire process. Find out more about the HIPAA Seal of Compliance® and Compliancy Group. Get HIPAA compliant today!
HIPAA Compliant Cybersecurity: Practical Implementation Tips
Must-know information about how to protect your telehealth practice from a ransomware attack. Operate w/ EYES WIDE OPEN.