AspenPointe Data Breach

U.S. healthcare provider AspenPointe has notified patients of a data breach that happened in September of this year. The attack enabled the thieves to steal protected health information (PHI) and personally identifiable information (PII). AspenPointe is a nonprofit organization that is funded by Medicaid, state, federal, and local government contracts, as well as donations. An AspenPointe release stated, “We recently discovered unauthorized access to our network occurred between September 12, 2020, and approximately September 22, 2020.” The organization hired external security experts to investigate the attack and to determine the extent of the breach. The investigation concluded that the data stolen by the attackers included records with patients’ full name, date of birth, Social Security Number, Medicaid ID number, date of last visit (if any), admission date, and/or diagnosis code. Even though AspenPointe says that there is no evidence that the stolen data was improperly used by third parties, the company advises patients to safeguard themselves against potential fraud attempts. The total number of affected patients was reported to the Department of Health and Human Services (HHS) as 295,617.

Analyst Notes

To help the affected patients, AspenPointe has forced password changes, implemented additional endpoint protection, increased monitoring, added firewall changes, and is offering those affected IDX identity theft protection that includes 12 months of CyberScan Monitoring, a $1 million insurance reimbursement policy, and fully managed identity theft recovery services. A toll-free response line, (833)-820-3180, is available to clients who have more questions.
After any data breach investigation, it is important for companies to take lessons learned from the methods the attackers used to access systems and steal data. When digital forensic investigators are able to determine what data was stolen and that the attackers were present in the environment for ten days, it means that logs of the actions the attackers took existed the whole time. By monitoring those logs continuously, healthcare providers can discover intrusions earlier and stop the unauthorized access much sooner, limiting the damage to patients. A Security Operations Center equipped with monitoring tools, such as Binary Defense’s Security Operations Task Force, protects workstations and servers from intrusions 24 hours a day, every day.

More information is available in the report by Bleeping Computer: