UnityPoint Health has revealed that several employee email accounts were compromised in a phishing attack. Upon discovery of the incident on February 15, UnityPoint changed the passwords of the affected accounts and engaged forensic specialists to investigate.
Affected information included patient names, dates of birth, medical information including treatments and diagnoses, insurance information, and, in some cases, financial information and Social Security numbers. The compromised data could have been accessed as far back as November 1, 2017.
The number of patients affected by the incident has not been publicly disclosed, nor has the incident been listed on the U.S. Department of Health and Human Services Office for Civil Rights
Affected individuals are being informed by letter and, although there is no evidence of information misuse, are being advised to take precautionary measures to protect their medical information. UnityPoint has apologized for the incident, and is reviewing its security practices to prevent similar incidents in the future.
The most important line of defense against a phishing attack is the email recipient. If your staff can identify and correctly respond to a malicious email, the danger can be mitigated.
Increase phishing awareness
Our Phishing Staff Awareness Course gives your staff an introduction to phishing scams, and helps reduce the chance that an employee will hand over confidential information, or inadvertently infect your organization’s systems. The course helps employees identify phishing attacks, explains what would happen should they fall victim, and shows them how they can mitigate the threat of an attack.