April 25, 2018
It has been noticed that UnityPoint Health worker accounts have been compromised and retrieved by illegal people.
The employees’ electronic mail accounts were originally retrieved on November 1, 2017 and went on for a duration of three months until February 7, 2018, when the phishing attack was noticed and access to the compromised electronic mail accounts was barred.
Upon noticing the phishing attack, UnityPoint Health hired a computer forensics firm to probe the level of the breach and the number of patients that were targeted. The probe found that a broad range of protected health information had probably been obtained by the hackers, which included names together with one or more of the following data elements:
Number of medical records, diagnoses, lab test results, surgical description, treatment details, times of service, age details, provider information and insurance data.
The Division of Health and Human Services’ breach portal has not yet printed the particulars of the safety breach, therefore it remains unclear precisely how many patients have been in some way harmed by the breach. Warnings to people affected by the breach were first dispatched on April 16, 2018.
So far there have been no statements presented to inform any health information being abused to gain profit. Nevertheless, as protected health information may have been thieved by the hackers, The UnityPoint Health business has suggested anybody who might have been impacted must take measures to protect against insurance racket and identity theft. Those steps include monitoring accounts for fraudulent activity, monitoring insurers’ Explanation of Benefits statements, and getting in touch with insurers for a complete list of all medical facilities paid under their insurance plan and to carefully check the list for any facilities that have not been administered.
The incident has resulted in UnityPoint Health increasing security controls to stop similar occurrences in the future.