Phishing Attack on UnityPoint Health Compromised Several Employees’ Email Accounts

UnityPoint Health discovered that unauthorized individuals accessed the email accounts of several employees. It was found that the email accounts were accessed for a period of three months starting from November 1, 2017 up to the time the phishing attack was detected on February 7, 2018. UnityPoint Health blocked access to the compromised email account and hired a computer forensics firm to investigate the extent of the breach and the patients affected.

According to the investigators, the attackers potentially obtained a wide array of protected health information including names combined with one or more of the following information: date of birth, medical record number, service dates, surgical information, treatment details, lab test results, diagnoses, insurance information and provider information.

The Department of Health and Human Services’ breach portal has not yet published the UnityPoint Health security breach. There is also no exact number of affected patients determined yet. But UnityPoint Health already began mailing the notification letters to patients on April 16, 2018.

To date, no report of misuse of health information has been received. But as a safety precaution, UnityPoint Health advised the affected patients to check for possible insurance fraud or identity theft. The patients should review the Explanation of Benefits statements from their insurer and monitor their accounts for possible fraudulent activities. The individuals may opt to request for a full list of the medical services paid under their insurance policy and see if they received all services or not. UnityPoint Health also improved their security controls to avoid breaches from happening again.

About James Keogh 144 Articles
James Keogh has been writing about the healthcare sector in the United States for several years. With several years of covering healthcare topics, he has developed expertise in HIPAA-related issues, including compliance, patient privacy, and data breaches. His work is known for its thorough research and accuracy, making complex legal and medical information accessible . James's articles are valuable resources for healthcare professionals and have been featured in reputable publications. You can follow James on Twitter https://x.com/JamesKeoghHIPAA and contact James on LinkedIn https://www.linkedin.com/in/james-keogh-89023681.