AspenPointe in Colorado Springs recently notified 295,617 patients of a data breach in September that exposed some of their personal information.
The behavioral health services provider discovered unauthorized access to its network between Sept. 12-22. After launching an investigation, AspenPointe determined that patient information including names, dates of birth, Social Security numbers, Medicaid ID numbers and diagnosis codes were exposed as a result of the incident.
AspenPointe reported the security breach to HHS Nov. 19 as affecting 295,617 individuals. The healthcare provider is offering 12 months of free identity theft services and a $1 million insurance reimbursement policy to those affected.
To increase security after the incident, AspenPointe implemented password changes, increased monitoring and rolled out firewall changes.