UnityPoint says 1.4 million affected in phishing scam

Aug. 1, 2018

More than a million patients of UnityPoint Health might have had health or personal information exposed, including Social Security and financial information, during a recent email phishing scam, company officials said July 30.

Approximately 1.4 million patients may have had their information compromised during a cyberattack that gave access to internal email accounts between March 14 and April 3, according to privacy officer RaeAnn Isaacson.

The company notified every patient who may have been affected, UnityPoint said.

The attack was discovered May 31, and company officials went to law enforcement and launched their own investigation “with an expert computer forensics firm” to determine the scale of the attack, according to UnityPoint’s press release.

Company officials say some employees were tricked into providing login information, giving internal email access to attackers.

Most of that information was personal and health-related, but Social Security or driver’s license numbers may have been compromised for some individuals, and bank account numbers or credit card numbers may have been compromised for “a limited number of individuals,” company officials said.

For those people whose Social Security or driver’s license numbers were affected, UnityPoint is offering free credit monitoring services for one year, and noted patients should remain vigilant in reviewing account and healthcare statements for irregularities. They also have a helpline people can call with questions at (888) 266-9285.

UnityPoint reset passwords for all compromised accounts, implemented multi-factor authentication for users, added technology to help identify suspicious emails, and conducted “mandatory education” for employees after the breach.

It’s not the first time employees have unwittingly let phishers in: In April, company officials discovered their email system was compromised by a phishing attack between Nov. 1 and Feb. 7. In that instance, about 16,400 people potentially had Social Security numbers and other financial information exposed.

UnityPoint Health is the 13th largest nonprofit health system in the country, with hospitals in Iowa, Illinois, and Wisconsin.

The Courier has the full story

Sponsored Recommendations

How to Build Trust in AI: The Data Leaders’ Playbook

This eBook strives to provide data leaders like you with a comprehensive understanding of the urgent need to deliver high-quality data to your business. It also reviews key strategies...

Quantifying the Value of a 360-Degree view of Healthcare Consumers

To create consistency in how consumers are viewed and treated no matter where they transact, healthcare organizations must have a 360° view based on a trusted consumer profile...

Elevating Clinical Performance and Financial Outcomes with Virtual Care Management

Transform healthcare delivery with Virtual Care Management (VCM) solutions, enabling proactive, continuous patient engagement to close care gaps, improve outcomes, and boost operational...

Examining AI Adoption + ROI in Healthcare Payments

Maximize healthcare payments with AI - today + tomorrow