More than a million patients of UnityPoint Health might have had health or personal information exposed, including Social Security and financial information, during a recent email phishing scam, company officials said July 30.
Approximately 1.4 million patients may have had their information compromised during a cyberattack that gave access to internal email accounts between March 14 and April 3, according to privacy officer RaeAnn Isaacson.
The company notified every patient who may have been affected, UnityPoint said.
The attack was discovered May 31, and company officials went to law enforcement and launched their own investigation “with an expert computer forensics firm” to determine the scale of the attack, according to UnityPoint’s press release.
Company officials say some employees were tricked into providing login information, giving internal email access to attackers.
Most of that information was personal and health-related, but Social Security or driver’s license numbers may have been compromised for some individuals, and bank account numbers or credit card numbers may have been compromised for “a limited number of individuals,” company officials said.
For those people whose Social Security or driver’s license numbers were affected, UnityPoint is offering free credit monitoring services for one year, and noted patients should remain vigilant in reviewing account and healthcare statements for irregularities. They also have a helpline people can call with questions at (888) 266-9285.
UnityPoint reset passwords for all compromised accounts, implemented multi-factor authentication for users, added technology to help identify suspicious emails, and conducted “mandatory education” for employees after the breach.
It’s not the first time employees have unwittingly let phishers in: In April, company officials discovered their email system was compromised by a phishing attack between Nov. 1 and Feb. 7. In that instance, about 16,400 people potentially had Social Security numbers and other financial information exposed.
UnityPoint Health is the 13th largest nonprofit health system in the country, with hospitals in Iowa, Illinois, and Wisconsin.