April 18, 2018
It has been found that a number of electronic mail accounts of staff members of UnityPoint Health have been retrieved by illegal people.
Staff electronic mail accounts were first retrieved on November 1, 2017 and went on for a period of three months, ending on February 7, 2018, when the phishing attack was found and access to the undermined electronic mail accounts was deactivated.
After finding the phishing attack, UnityPoint Health employed the services of a computer forensics company to assess the level of the breach and the number of patients who had their electronic mail accounts retrieved. The investigation demonstrated that a wide variety of protected health information might have been obtained by the cyber attackers, which detailed names along with one or more of the following data elements:
- Medical record number
- Insurance particulars
- Provider details
- Laboratory test results
- Surgical information
- Treatment information
- Service dates
- Date of birth
The data violation has not displayed upon the Division of Health and Human Services’ breach online portal, therefore it remains unclear precisely how many patients had their electronic mail accounts undermined by the breach. Formal notices were sent to staff members impacted by the breach.
There have been no reports of any health information being used carelessly. Nevertheless, since private health information might have been acquired by the cyber attackers, UnityPoint Health has suggested that affected people should use measures to protect their data. Those actions looking over insurers’ Explanation of Benefits statements, keeping a close eye on accounts for fake behavior, and getting in touch with insurers for a whole list of all medical facilities paid under their insurance plan and to cautiously check the list for any facilities that have not been received.
The hacking occurrence has led to UnityPoint Health to increase safety controls to avoid similar occurrences from being felt in the time to come.