UnityPoint says 1.4 million affected in phishing scam

Aug. 1, 2018

More than a million patients of UnityPoint Health might have had health or personal information exposed, including Social Security and financial information, during a recent email phishing scam, company officials said July 30.

Approximately 1.4 million patients may have had their information compromised during a cyberattack that gave access to internal email accounts between March 14 and April 3, according to privacy officer RaeAnn Isaacson.

The company notified every patient who may have been affected, UnityPoint said.

The attack was discovered May 31, and company officials went to law enforcement and launched their own investigation “with an expert computer forensics firm” to determine the scale of the attack, according to UnityPoint’s press release.

Company officials say some employees were tricked into providing login information, giving internal email access to attackers.

Most of that information was personal and health-related, but Social Security or driver’s license numbers may have been compromised for some individuals, and bank account numbers or credit card numbers may have been compromised for “a limited number of individuals,” company officials said.

For those people whose Social Security or driver’s license numbers were affected, UnityPoint is offering free credit monitoring services for one year, and noted patients should remain vigilant in reviewing account and healthcare statements for irregularities. They also have a helpline people can call with questions at (888) 266-9285.

UnityPoint reset passwords for all compromised accounts, implemented multi-factor authentication for users, added technology to help identify suspicious emails, and conducted “mandatory education” for employees after the breach.

It’s not the first time employees have unwittingly let phishers in: In April, company officials discovered their email system was compromised by a phishing attack between Nov. 1 and Feb. 7. In that instance, about 16,400 people potentially had Social Security numbers and other financial information exposed.

UnityPoint Health is the 13th largest nonprofit health system in the country, with hospitals in Iowa, Illinois, and Wisconsin.

The Courier has the full story

Sponsored Recommendations

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...

Spotlight on Artificial Intelligence

Unlock the potential of AI in our latest series. Discover how AI is revolutionizing clinical decision support, improving workflow efficiency, and transforming medical documentation...

Beyond the VPN: Zero Trust Access for a Healthcare Hybrid Work Environment

This whitepaper explores how a cloud-enabled zero trust architecture ensures secure, least privileged access to applications, meeting regulatory requirements and enhancing user...

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...