Healthcare Hack Targets Mental Health Provider

59
1

AspenPointe Inc., a mental health and substance abuse provider, was targeted by a healthcare hack. The healthcare hack, which allowed unauthorized access to their network, compromised the protected health information of 295,617 patients.

AspenPointe Healthcare Hack

AspenPointe discovered in late September that they had been hacked, allowing unauthorized parties to access their network. The healthcare hack forced AspenPointe to close its operations for several days while attempting to regain control of its systems. In November, an investigation into the hack concluded, determining that the unauthorized party had access to AspenPointe’s network from September 12 to September 22. Through the attack, the unauthorized party was able to exfiltrate both patients protected health information (PHI) and employee data.

The PHI compromised by the incident varied by the patient, however, all of the patients affected by the incident had their full names exposed. Other PHI exposures included dates of birth, Social Security numbers, Medicaid ID numbers, dates of the last visit, admission dates, discharge dates, and/or diagnosis codes. Employee’s full names were also accessed, as well as their dates of birth, Social Security numbers, driver’s license numbers, and/or bank account information. AspenPointe is offering affected individuals one year of complimentary credit monitoring services, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery in response to the incident. They have also increased their security practices by forcing password changes, implementing additional endpoint protection, increasing monitoring, and implementing firewall changes.

AspenPoint made a statement addressing the healthcare hack “Please accept our apologies that this incident occurred. We are committed to maintaining personal information privacy in our possession and have taken precautions to safeguard it. We continually evaluate and modify our practices and internal controls to enhance the security and privacy of your personal information.”

HIPAA Resources

Need assistance with HIPAA compliance? Compliancy Group can help! They help you achieve HIPAA compliance, with Compliance Coaches® guiding you through the entire process. Find out more about the HIPAA Seal of Compliance® and Compliancy Group. Get HIPAA compliant today!

HIPAA Compliant Cybersecurity: Practical Implementation Tips

Must-know information about how to protect your telehealth practice from a ransomware attack. Operate w/ EYES WIDE OPEN.

Disclaimer: The Telebehavioral Health Institute (TBHI Telehealth.org) offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to TBHI Privacy Policy and Terms and Conditions.

Subscribe
Notify of
guest
1 Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Sara Abbott
Sara Abbott
1 year ago

Exciting for mental health professionals

1
0
Would love your thoughts, please comment.x