Unitypoint Health Encountered a Phishing Attack

Email system of UnityPoint Health encountered a phishing attack, which may lead to compromising of health and personal data of over million patients in Southern Wisconsin, Western Illinois and Iowa, as per a company media release.

The patient information which is supposedly captured through email comprises: the names and addresses of the patient, their date of birth, treatment information, diagnoses, medical records, medications, lab results, surgical information, dates of service, as well as insurance information, and also possibly the driver's license and Social Security numbers.

Within last four months, this is for the second time that UnityPoint Health has issued a release like this one. In April, an alert regarding a different phishing email attack was sent to 16,400 patients by UnityPoint Health, as posted on July 30th, 2018, by channel3000.com.

As per a company notice, a chain of "phishing" emails were received by UnityPoint Health, which lead to compromising of their business email system. This might have led to an unauthorized access to patient's personal information along with the protected health information. The emails received by the employees of UnityPoint Health seemed as if it has come from an executive who is a trusted source, thus tricking a few of its employees to provide their confidential log-in information. This further helped the attacker's to gain access into employees internal email accounts between 14 March 2018 and 3 April 2018.

As per UnityPoint, they do not believe that the hackers were behind private health information. They suspected that the hackers attacked with a motive to divert the payments, like outside business expenses or payroll. In spite of this, the company has been telling the patients to closely monitor their account statements in order to check for any fraud. Further, the patients, whose driver's license or Social Security numbers have been included in stolen emails, are offered free credit monitoring by the company.

Notification letters have been mailed by the company, to the last available home address of the patients who were suffered by this incident, through U.S. Mail on 30 July, 2018. A helpline number 1-888-266-9285 has been provided to address the queries and concerns of the suffered patients. The helpline number is open for the callers from Monday to Friday between 8:00 a.m. and 8:00 p.m. Central Time.

» SPAMfighter News - 8/7/2018