A few months ago, we told you about a data breach at UnityPoint Health that affected 16,400 patients. The breach resulted from a phishing attack on the employees’ email accounts. Though it did not affect a large number of patients, the extent of breach included exposure of personal records of the patients. Now, after four months, UnityPoint Health reports another data breach through a similar cyber attack. However, this time, the number of those affected is in millions.
UnityPoint Health Suffers Another Data Breach In Four Months
UnityPoint Health reports another data breach four months after the previous cyber attack. The firm has uploaded a detailed security notice on their website in which they explained the incident.
“On May 31, 2018, UnityPoint Health discovered that a phishing email attack had compromised its business email system and may have resulted in unauthorized access to protected health information and other personal information for some patients.”
Once again, the breach occurred through phishing attacks on the email accounts of multiple employees. These fraudulent emails appeared to come from a ‘trusted executive within the organization’. Thus, the staff shared their confidential login credentials, giving the scammers the access to their internal emails. The breach continued from March 14, 2018, to April 3, 2018, compromising the patients’ records.
Although they haven’t mentioned any specific number of affected patients in their notice, they are reportedly informing around 1.4 million patients regarding the breach. The compromised details include personal information, Social Security Numbers, driver’s license numbers as well as health-related records of the customers. Worryingly, for some patients, bank account numbers and payment card details have also been breached.
UnityPoint Health Took Security Measures To Contain The Breach
After noticing the breach on May 31, 2018, UnityPoint Health began investigating the matter. They also involved law enforcement authorities to determine the extent of the attack and employed various measures for added data security.
“Upon learning of this attack, UnityPoint Health launched an investigation with an expert computer forensics firm to determine the size and scope of the attack, as well as the number of people potentially impacted. We informed federal law enforcement agencies about this situation. In addition, our organization has taken a number of important steps intended to prevent similar situations from happening in the future.”
Additionally, from July 30, 2018, they have begun mailing notification letters via U.S. Mail to the affected patients. Though they confirm no misuse of breached details, they are notifying the affected patients out of an abundance of caution. They have also offered free credit monitoring for one year to those affected.
Let us know your thoughts in the comments section.