Multiple Staff Email Accounts Accessed in UnityPoint Health Phishing Attack

It has been discovered that the email accounts of several employees of UnityPoint Health hhave been compromised and accessed by unauthorized people.

Access to the staff email accounts was first obtained on November 1, 2017 and went on for a period of three months until February 7, 2018, when the phishing attack was noticed and access to the compromised email accounts was turned off.

When the phishing attack was first noticed, UnityPoint Health sought the services of a computer forensics firm to review the scope of the breach and the number of patients affected. The investigation showed a wide variety of protected health data had possibly been obtained by the attackers, which included names in combination with one or more of the following data pieces of information:

Medical history number, birth date, dates of service, treatment information, surgical information, lab test results, diagnoses, provider data and insurance details.

The security breach has yet to be published on the Department of Health and Human Services’ breach portal, so it is currently unclear the precise amount of patients have been impacted by the breach. Notifications to persons impacted by the breach started to be sent on April 16, 2018.

To date there have been no official reports of any health data being used for ills means. However, since PHI may have been accessed by the hackers, UnityPoint Health has recommended impacted people take steps to protect against insurance fraud an identity theft. Those steps include overlooking insurers’ Explanation of Benefits statements, reviewing accounts for fraudulent activity, and contacting insurers for a full list of all medical services paid under their insurance policy and to check the list for any services in details that have not been filed yet.

The incident has lead to UnityPoint Health to enhance security controls to stop similar incidents from happening again.

Author: Maria Perez