April 19, 2018
It has been found that the electronic mail accounts of numerous workers of UnityPoint Health have been undermined and accessed by illegal people.
Access to the staff electronic mail accounts was first gained on November 1, 2017 and continued for a duration of three months until February 7, 2018, when the phishing attack was detected and access to the undermined electronic mail accounts was turned off.
When the phishing attack was first detected, UnityPoint Health sought the facilities of a computer forensics company to evaluate the extent of the breach and the number of patients impacted. The analysis indicated a wide range of safeguarded health data had probably been obtained by the attackers, which contained names in combination with one or more of the following data bits of information:
Medical history number, diagnoses, lab test results, surgical information, treatment information, birth date, dates of service, provider data and insurance details.
The safety breach has yet to be circulated on the Division of Health and Human Services’ breach portal, therefore it is presently unclear the exact amount of patients who have been affected by the breach. Notices to people affected by the breach began to be sent on April 16, 2018.
To date, there have been no authorized reports of any health data being utilized for ill means. Nevertheless, since PHI might have been accessed by the hackers, UnityPoint Health has advised affected people take measures to safeguard against insurance scam an identity theft. Those measures include watching insurers’ Explanation of Benefits statements, checking accounts for fake activity, and getting in touch insurers for a complete list of all medical facilities paid under their insurance policy and to check the list for any facilities in details that have not been filed yet.
The incident has led to UnityPoint Health to increase safety controls to stop similar occurrences from happening again.