The personal and health information of approximately 16,000 patients were potentially compromised by a cybersecurity attack on UnityPoint Health, according to a public notice released this week.
On Feb. 15, UnityPoint Health discovered a phishing attack had compromised the organization’s email system, according to the notice sent earlier this week.
The affected email accounts may have been accessed sometime between Nov. 1, 2017, and Feb. 7 of this year.
It was later determined that the email accounts contained patient information that included patients’ names, dates of birth, medical record numbers, treatment information, surgical information, diagnoses, lab results, medications, providers, dates of service and insurance information.
Social Security numbers and other financial information may have been viewed for a limited number of affected individuals, the notice stated.
As of Friday, officials were not aware of any inappropriate access to the electronic medical record system, UnityPoint Health Spokeswoman Teresa Thoensen said.
Impacted individuals were sent a written notification of the breach starting Monday.
According to the public notice, UnityPoint Health took immediate action to secure those email accounts when the breach was discovered.
ARTICLE CONTINUES BELOW ADVERTISEMENT
“We are working with outside cybersecurity experts to learn from the incident and help our system — and other health systems — prevent the kinds of cybercrimes that affect health care and other sectors every day,” Thoensen said.
UnityPoint Health officials are encouraging affected officials to carefully review account statements for fraudulent or irregular activity.
Individuals can contact UnityPoint Health to learn if their emails were affected by calling 855-331-3612 any time between 8 a.m. to 8 p.m., Monday through Friday.
UnityPoint Health has locations in Iowa, Illinois and Wisconsin.
l Comments: (319) 368-8536; email@example.com