COMMENT: AspenPointe Warns 295K Patients Of Data Breach exposing Their Personal Identifiable Information And Health Data

By   ISBuzz Team
Writer , Information Security Buzz | Dec 02, 2020 06:59 am PST

It was reported that the nonprofit U.S. healthcare provider AspenPointe has notified patients of a data breach. In a media statement, AspenPointe said they discovered unauthorised access to their network in September 2020. The patients affected are over 295K. 

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Robert Meyers
Robert Meyers , Channel Solutions Architect and Fellow of Information Privacy
December 2, 2020 3:04 pm

It is important to remember that AspenPointe is a facility that specialises in mental and behavioral health. Was this a targeted breach or a run of the mill? Personal health data is incredibly sensitive. This is the kind of information that can be used for significantly more obscure purposes than just the normal breach information, so it is really a good sign to see that the company is trying to get ahead of it.

Ultimately, managing access rights with a least privilege model and using a privileged account management (PAM) system would likely have stopped this breach from happening. Remember, you can only leak information that you have access to. If you do not have access to information, you cannot leak it. Therefore, the cause of this breach was that certain users were granted too much access. Hopefully, AspenPointe will have already revised its access privileges and implemented a new PAM system. And, hopefully, others will take note.

We are just at the start of what can be expected to be a large number of data breaches that will be identified. Security has simply not been a focus during the pandemic, simple enablement took its place. It\’s time for security to move back to the forefront of organisations\’ priorities so that breaches like this do not happen.

Last edited 3 years ago by Robert Meyers

Recent Posts

Would love your thoughts, please comment.x