In a security notice posted on its website, AspenPointe said it experienced a cyberattack in the latter part of September.
A version of this article was first published December 1, 2020, by HCPro's Revenue Cycle Advisor, a sibling publication to HealthLeaders.
AspenPointe Inc., a Colorado-based mental health and behavioral healthcare provider, reported a breach on November 19 affecting 295,617 individuals, according to the Office for Civil Rights (OCR) breach report.
In a security notice posted on its website, AspenPointe said it experienced a cyberattack in the latter part of September. The attack caused AspenPointe to shut down operations for several days.
The company recruited third-party cybersecurity professionals to assist with the investigation, which concluded that patients’ full names and one or more of the following were removed from AspenPointe’s network in connection with the incident:
- Bank account information
- Date of birth
- Driver’s license number
- Social Security number
AspenPointe is not aware of any reports of identity fraud or improper use of this information, according to the security notice. The organization said it will assist affected individuals with certain resources, including a one-year membership to a credit monitoring solution. AspenPointe also set up a toll-free response line that is staffed with professionals who are familiar with the incident.
Since the breach, AspenPointe has forced password changes, implemented additional endpoint protection, increased monitoring, and implemented firewall changes, according to the security notice.
Revenue Cycle Advisor combines all of HCPro's Medicare regulatory and reimbursement resources into one handy and easy-to-access portal. News is not just repeated from other sources. It is analyzed by our Medicare experts so professionals can comprehend any new rule and regulatory updates thoroughly. Learn more.