Lowa-based health system UnityPoint Health has fallen victim to a recent data heist that compromised 1.4 million patient records. According to an official statement from the company, the issue began when UnityPoint Health received a series of phishing emails that trapped some employees to provide their sign-in credentials. This gave the hackers unauthorized access to the company’s business email accounts. The organization discovered the incident on May 31, 2018, and notified the victims about the data theft.
Around 1.4 million people are being informed about the unauthorized access to protected personal and health information by compromising the company’s business email system. The health system stated that the fraudulent emails were designed to appear to have come from a trusted executive within the organization. The compromised data included patients’ names, addresses, dates of birth, medical record numbers, treatment and surgical information, diagnoses, lab results, medications, dates of service, and insurance information.
The health system stated that they’ve informed law enforcement authorities about the data heist and launched an investigation with a computer forensics firm. To prevent further loss, the health system implemented a multi-factor authentication to verify the users before accessing their accounts and educated employees to identify and avoid phishing emails or attachments.