A notification sent out to patients and employees states, “To date, we are not aware of any reports of identity fraud or improper use of your information as a direct result of this incident. Nevertheless, out of an abundance of caution, we wanted to make you aware of the incident, explain the services we are making available to help safeguard you against identity fraud, and suggest steps that you should take as well.”
To protect individuals exposed in the mental health services breach, AspenPointe is offering affected individuals 12 months of complementary credit monitoring services, $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery. AspenPointe states, “Please accept our apologies that this incident occurred. We are committed to maintaining the privacy of personal information in our possession and have taken precautions to safeguard it. We continually evaluate and modify our practices and internal controls to enhance the security and privacy of your personal information.”
Since discovery of the incident, AspenPointe has increased their security by forcing password changes, implementing additional endpoint protection, increasing monitoring, and implementing firewall changes.