Phishing attack compromised the data of 1.4 million UnityPoint Health patients
UnityPoint Health in Des Moines, Iowa, is warning patients of a data breach that could impact 1.4 million patients.
A series of phishing attacks disguised as emails from a trusted executive within the organization resulted in an employee taking the bait enabling access to sensitive company information.
Patient information including names, addresses, dates of birth, medical record numbers, medical information, treatment information, surgical information, diagnoses, lab results, medications, providers, dates of service and/or insurance information were all compromised in the incident.
Social Security numbers, driver’s license numbers, and even payment card information for some patients were compromised.
Officials discovered the incident on May 31, 2018, when they learned a phishing attack resulted in the unauthorized access to the information and notified law enforcement as well as opened an investigation into the breach.
The threat actor was to able obtain confidential sign-in information and gained access to the accounts between March 14, 2018, and April 3, 2018, and officials said unauthorized access to protected health information and personal information may have occurred.
Employees have been instructed to reset passwords for all compromised accounts to prevent further unauthorized access and will attend mandatory education to recognize and avoid future phishing attempts.
Officials have also strengthened its networks’ digital defenses by adding technology to identify suspicious external emails and have implemented multi-factor authentication which requires users to go through multiple steps to verify their identity in order to access the systems
Those who were potentially affected were also notified of the incident and will be entitled to one free credit report every twelve months from each of the three major nationwide credit reporting companies as mandated by law.
The attack has impacted patients in both Iowa and North Carolina.
Free Active Directory Assessment
Get Visibility Into Privilege And Service Account Exposure
For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.
Try Our Endpoint Detection Net (EDN) for Free
FAST AND EASY
Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.
ADSecure 90-Day Free Trial
GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY
- Hide and deny access to AD objects
- Get alerted on unauthorized queries
- Attack details easily viewable in dashboard
- Your data remains on-premise