UnityPoint Health, a multi-hospital and clinic health system based in Des Moines, Iowa., has suffered a data breach affecting 1,800 patients.
The breach occurred when someone at a third-party company working with UnityPoint illegally gained access to the EMR system by using a password of individuals who were authorized to access the system for medical purposes. This was discovered during an audit of the system.
It occurred from February through August 2013. Protected health information that was accessed included names, home addresses, dates of birth, medical and health insurance account numbers health information related to patient treatment, and for some patients, their social security numbers.
According to a report from the Des Moines Register, the Federal Bureau of Investigation is investigating the incident, which according to the company’s press release. UnityPoint says it has sent letters to all affected patients, and is offering a credit monitoring product to adults and families of minors affected.