Several Employee Email Accounts Compromised in UnityPoint Health Phishing Attack
UnityPoint Health has discovered the email accounts of several employees have been compromised and accessed by unauthorized individuals.
Access to the employee email accounts was first gained on November 1, 2017 and continued for a period of three months until February 7, 2018, when the phishing attack was detected and access to the compromised email accounts was blocked.
Upon discovery of the phishing attack, UnityPoint Health engaged the services of a computer forensics firm to investigate the scope of the breach and the number of patients impacted. The investigation revealed a wide range of protected health information had potentially been obtained by the attackers, which included names in combination with one or more of the following data elements:
Medical record number, date of birth, service dates, treatment information, surgical information, lab test results, diagnoses, provider information, and insurance information.
The security breach has yet to appear on the Department of Health and Human Services’ breach portal, so it is currently unclear exactly how many patients have been affected by the breach. Notifications to individuals impacted by the breach started to be mailed on April 16, 2018.
To date there have been no reports of any health information being used inappropriately. However, since PHI may have been obtained by the attackers, UnityPoint Health has recommended affected individuals take steps to protect against insurance fraud an identity theft. Those steps include reviewing insurers’ Explanation of Benefits statements, monitoring accounts for fraudulent activity, and contacting insurers for a full list of all medical services paid under their insurance policy and to carefully check the list for any services that have not been received.
The incident has prompted UnityPoint Health to strengthen security controls to prevent similar incidents from occurring in the future.