American HealthCare Provider Experiences Cyberattack, 295,617 Patients’ Data Exposed!

The healthcare sector is evolving rapidly through digital technologies in a bid to improve patient care and well-being. The healthcare service providers are widely sharing, collecting, and analyzing patient data to drive operational efficiencies and improve the way healthcare is delivered.

However, as the healthcare sector navigates the digital era, the risks surrounding cybersecurity are proliferating. Cybercriminals are employing nuanced, sophisticated, and nefarious methods to commit healthcare fraud. It is estimated that the healthcare data breaches in 2020 could cost about USD 6 trillion.

Recently, an American nonprofit mental health and behavioral health services provider ‘AspenPointe’ was successfully attacked in a data breach, exposing Protected Health Information (PHI) of more than 295,000 patients. The cyberattack forced the Colorado-based healthcare provider to shut down several systems and servers connected to the network, causing several days of business disruption.

In September 2020, cybercriminals attacked AspenPointe and gained access to patient data, including names, dates of birth, and Social Security numbers.

The company responded to the incident immediately and launched an investigation in consultation with the third-party cybersecurity specialists. AspenPointe also notified the patients regarding the data breach.

“We recently discovered an unauthorized access to our network occurred between September 12, 2020, and approximately September 22, 2020,” said AspenPointe in a notification released on November 19.

Read More: Cybersecurity Solutions for Healthcare

“We immediately launched an investigation in consultation with outside cybersecurity professionals who regularly investigate and analyze these types of situations to analyze the extent of any compromise of the information on our network,” the company informed.

It also notified the Health and Human Services’ Office for Civil Rights regarding the data breach that affected 295,617 individuals.

Following the data breach, AspenPointe has initiated password changes, enabled additional endpoint security, increased monitoring, and implemented firewall changes, among other things.

American HealthCare Provider 'AspenPointe' Experiences Cyberattack

Based on the comprehensive investigation and document review concluded on November 10, the healthcare provider found that the threat actors gained access to files that contained patient health information, including:

  • Full names
  • Dates of birth
  • Social Security number
  • Medicaid ID numbers
  • License numbers
  • Dates of admission, last visit, and discharge
  • Diagnosis codes

However, the company reported no incidents of misuse of patient information due to the data breach.

“To date, we are not aware of any reports of identity fraud or improper use of your information as a direct result of this incident,” said AspenPointe.

Moreover, to protect the potential misuse of patient information, AspenPointe has started offering 12 months of credit and CyberScan monitoring, a USD 1,000,000 insurance policy, and fully managed identity theft recovery services to the patients.

More Security Articles