Aspen Healthcare says hackers stole patient's healthcare data from its systems

Lewisville, Texas-based-healthcare provider Aspen Healthcare Services said that the data security incident it suffered last month compromised the sensitive personal information of its patients.

 

In a data security incident notification posted on its website, Aspen Healthcare said that on October 22, it experienced an attempted ransomware attack that resulted in hackers gaining unauthorised access to its medical records system.

 

The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the scope of the incident, notified local and federal authorities and is working with them to investigate and mitigate the effects of this incident.

 

The investigation revealed that the sensitive personal information of its patients was compromised during the incident, including their names, dates of birth, addresses, insurance IDs, health records, and potentially Social Security numbers. Aspen has, however, clarified that no financial or other account numbers were accessed by the hackers who breached its network.

 

While Aspen is yet to share the total number of affected people, in a filing with the Office of Attorney General of Texas, the healthcare provider said that it has identified 8,153 Texans impacted by the incident.

 

“To support our patients, we are offering complimentary credit monitoring for a year, upon request, and can assist with placing a "fraud alert" on your credit accounts with the three major credit bureaus for additional protection,” it added.

 

Recently, the Everest ransomware group claimed responsibility for a cyber attack on Aspen and listed it as a victim on its data leak site. The group claims to be in possession of more than 1,500 medical records and personal data and has given a deadline of two weeks for the hospital to meet its ransom demand.