U.S. healthcare provider AspenPointe notified patients of a data breach stemming from a September 2020 cyberattack that enabled attackers to steal protected health information (PHI) and personally identifiable information (PII).
AspenPointe is a nonprofit funded by Medicaid, state, federal, and local government contracts, as well as donations, that manages 12 organizations serving over 50,000 individuals and families every.
"We recently discovered unauthorized access to our network occurred between September 12, 2020, and approximately September 22, 2020," AspenPointe
said in a notification sent to clients earlier this month.
The organization hired external security experts to investigate the incident and find the extent of the information compromise affecting its network.
"Based on our comprehensive investigation and document review, which concluded on November 10, 2020, we discovered that your full name and one or more of the following were removed from our network in connection with this incident: date of birth, Social Security number, Medicaid ID number, date of last visit (if any), admission date, discharge date, and/or diagnosis code."
