Healthcare provider AspenPointe warned patients of a data breach that allowed attackers to steal personal and health information.
Healthcare provider AspenPointe warned patients of a data breach that allowed attackers to steal personal and health information.
AspenPointe, headquartered in Colorado Springs, is a nonprofit funded by Medicaid, state, federal, and local government contracts, as well as donations.
"We recently discovered unauthorized access to our network occurred between September 12, 2020, and approximately September 22, 2020," AspenPointe reported in a notification sent to clients.
The firm has immediately hired external security experts to inspect the incident and locate the extent of the information compromise impacting on its network.
“Based on our comprehensive investigation and document review, which concluded on November 10, 2020, we discovered that your full name and one or more of the following were removed from our network in connection with this incident: date of birth, Social Security number, Medicaid ID number, date of the last visit (if any), admission date, discharge date, and diagnosis code."
Even though the firm assures that the information exposed during data breach was not misused by any third-parties, it is better to place a security freeze or fraud alert on their credit files of users affected.
AspenPointe provides IDX identity theft protection services including "12 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services,” to those affected by the data breach.
"Since the incident, we have urged password changes, implemented additional endpoint protection, increased monitoring, and implemented firewall changes, among other things," AspenPointe added.
The firm is further evaluating and modifying the practices, and internal controls followed to enhance the security and privacy of personal information of its users.
BleepingComputer States that AspenPointe did not reveal the number of patients impacted in the attack but according to the report filed with the HSS 295,617 AspenPointe clients had their PII and PHI data stolen by the attackers in this incident.
A toll-free response line is available for clients who have further questions regarding the incident.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?