U.S. healthcare provider AspenPointe notified patients of a data breach stemming from a September 2020 cyberattack that enabled attackers to steal protected health information (PHI) and personally identifiable information (PII).
AspenPointe is a nonprofit funded by Medicaid, state, federal, and local government contracts, as well as donations, that manages 12 organizations serving over 50,000 individuals and families every.
Patients warned of identity fraud risks
"We recently discovered unauthorized access to our network occurred between September 12, 2020, and approximately September 22, 2020," AspenPointe said in a notification sent to clients earlier this month.
The organization hired external security experts to investigate the incident and find the extent of the information compromise affecting its network.
"Based on our comprehensive investigation and document review, which concluded on November 10, 2020, we discovered that your full name and one or more of the following were removed from our network in connection with this incident: date of birth, Social Security number, Medicaid ID number, date of last visit (if any), admission date, discharge date, and/or diagnosis code."
Even though the nonprofit says that there is no evidence that data stolen during the attack was improperly used by any third parties, patients were also urged to safeguard themselves against potential fraud attempts.
To block identity fraud, users affected by this incident are advised to place a security freeze or a fraud alert on their credit files, as well as get a free credit report to detect any fraudulent attempts to use their information.
AspenPointe also provides those affected by the data breach IDX identity theft protection services including "12 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and f ..