Threat Watch

UnityPoint Phish Affects 1.4 Million

West Des Moines Iowa’s UnityPoint Health officials have notified their 1.4 million patients that personal information may have been exposed in a breach. Hackers apparently used phishing techniques after some employees were “tricked into providing login information,” to gain access to the company’s email network and obtain information in emails pertaining to patient care. The breach occurred between March 14th  and April 3rd of this year. The hack was discovered on May 31st, and UnityPoint immediately notified the FBI and hired a computer forensics firm to investigate the attack. Most of the exposed information was personal—such as diagnosis and types of care, but Social Security numbers, driver’s license numbers, and banking information may have also been exposed for a “limited number of individuals.” UnityPoint said they will offer one year of free credit monitoring for the latter. In April, the healthcare firm had also suffered a phishing breach, which affected 16,400 patients. “We continue to work closely with leading experts to learn from our experience and help our organization — and other health care organizations — prevent these kinds of cybercrimes,” a hospital official said. UnityPoint is the 13th largest nonprofit healthcare organization in the US.

ANALYST NOTES