Attackers stole protected health information (PHI) and personally identifiable information (PII) of 295,617 patients of Colorado Springs-based mental healthcare provider AspenPointe in a data breach, the company said.
According to a letter sent to victims, the criminals gained access to the organization’s network in September 2020.
“We recently discovered unauthorized access to our network occurred between September 12, 2020 and approximately September 22, 2020,” the letter reads. “We immediately launched an investigation in consultation with outside cybersecurity professionals who regularly investigate and analyze these types of situations to analyze the extent of any compromise of the information on our network.”
Following the investigation, which ended November 10, AspenPointe claims that the attackers exfiltrated highly sensitive patients’ data, including full names, date of birth, Social security numbers, Medicaid ID numbers, last visit dates, admission dates, discharge dates and diagnosis codes.
Although AspenPointe is “not aware of any reports of identity fraud or improper use of your information as a direct result of this incident,” patients are advised to place fraud alerts or a security freeze on their credit files and closely review their financial account statements for fraud.
The data breach has also forced AspenPointe to implement immediate password changes, additional endpoint protection, increased monitoring and firewall changes to their network.
“We continually evaluate and modify our practices and internal controls to enhance the security and privacy of your personal information,” AspenPointe added.
Additionally, the nonprofit organization said it will provide free 12-month identity-theft protection service for all impacted individuals, including credit monitoring and a $1 million insurance reimbursement policy. The data breach could have a serious psychological and financial impact on victims. Cyber thieves may use stolen healthcare records to make fake medical claims and steal insurance, attempt extortion by researching the victims or opening new credit lines using Social Security numbers and names.
Check now if your personal info has been stolen or made public on the internet, with Bitdefender’s Digital Identity Protection tool.