It has been found that the electronic mail accounts of numerous workers of UnityPoint Health have been undermined and retrieved by illegal persons.
Access to the employees’ electronic mail accounts was first gained on November 1, 2017, and carried on for a duration of 3 months until February 7, 2018, when the phishing occurrence was seen and access to the undermined electronic mail accounts was switched off.
When the phishing outbreak was first noted, UnityPoint Health tried to find the services of a computer forensics company to check the range of the breach and the number of patients affected. The analysis indicated a wide range of safeguarded health files had possibly been acquired by the attackers, which contained names together with one or more of the below-mentioned data parts of information:
Insurance details, provider data, diagnoses, lab test results, surgical information, treatment information, dates of service, birth date, insurance details and medical history number.
The safety breach has not yet been printed on the Division of Health and Human Services’ breach portal, therefore the exact number of patients impacted by the breach is currently not known. Notices to people impacted by the breach began to be dispatched on April 16, 2018.
Thus far there have been no authorized details of any health information being abused. Nevertheless, since PHI might have been retrieved by the hackers, UnityPoint Health has suggested impacted persons take measures to safeguard against insurance scam and identity theft. Those measures include watching underwriters’ Explanation of Benefits statements, checking accounts for deceitful activity, and getting in touch with underwriters for a complete list of all medical facilities paid under their insurance plan and to verify the list for any facilities in details that have not yet been recorded.
The occurrence has led UnityPoint Health to increase safety controls to stop similar occurrences from occurring again.