An email-phishing attack has placed information of approximately 1.4 million patients cared for by UnityPoint Health at risk

Cyberattackers put approximately 1.4 million UnityPoint patients at risk

August 02, 2018
by John R. Fischer, Senior Reporter

The protected health information of approximately 1.4 million individuals cared for by UnityPoint Health in Iowa, western Illinois and southern Wisconsin may have been compromised by an email phishing scam found within its business email system.

Discovered in May, the news was disclosed this week in letters sent out to patients, explaining that attackers gained access to the system under the guise of what was thought to be a trusted employee within the organization who messaged and tricked staff members into providing confidential sign-in information. The attack is the second to rock the health system in months, following another email phishing scam disclosed in April that may have impacted approximately 16,400 patients.

“We have worked to identify the problem, secure our systems and minimize the risk of this kind of criminal attack affecting our organization again,” Amy Varcoe, a spokesperson for UnityPoint Health, told HCB News. “Our immediate priority is to make sure our patients and the communities we serve get the answers they need.”

Following the discovery, the provider informed law enforcement agencies and has since launched an investigation into the matter with a computer forensics firm to determine the size and scope of the attack, and those potentially impacted.

Unauthorized access to internal email accounts took place between March 14 and April 3. The compromised accounts held standard reports on healthcare operations, exchanged between staff as emails and attachments, that contained protected health information and personal information for certain patients.

Specific information that may have been compromised includes patient names as well as addresses, dates of birth, and medical information pertaining to treatment, surgery, record numbers, diagnoses, lab results, dates of service, medications, providers and insurance information.

Social security and driver's license numbers may also have been affected, as well as card information and bank account numbers for a limited number of patients. No breach was found in the provider's electronic medical records or patient billing systems.

Though no known or attempted misuse of patient data has been reported at this time, patients are advised to review account statements for fraudulent or irregular activity, including statements for explanation of benefits, and to report any items not recognized to their insurance and care providers.

Those whose social security and driver's license numbers were included in compromised accounts will be provided with one year of credit monitoring services funded by UnityPoint Health as part of its approach to mitigating the potential misuse of data and rectifying the situation.

Law enforcement agencies have reported dramatic rises in such attacks, with many carried out by international criminal organizations looking to gain financially from information retrieved. The scam, according to forensic experts and law enforcement, most likely targeted data on business funds, such as payroll or vendor payments.

Around 78 percent of providers experienced email-related cyberattacks throughout 2017, according to a survey conducted in December by Mimecast, with many individual organizations reporting more than a dozen incidents. About 93 percent of respondents rated email as ‘mission critical’ to the running of their organization’s operations.

“Everything you can do with an email can be used as part of an attack,” David Hood, cyber resilience strategist for health care at Mimecast, told HCB News. “Attachments can be unsafe, links can be unsafe. Even the words in an email can be unsafe in the case of an impersonation attack that looks like it’s coming from someone at the organization but really originates externally.”

As part of its response, the company has implemented a series of steps to protect its systems from future attacks, including the resetting of passwords for compromised systems to prevent unauthorized access; the implementation of a multi-factor, multiple step authentication process for identity verification; and the installation of technology for detecting suspicious external emails.
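The impersonation pattern Hood describes (a message that looks like it comes from a colleague but originates externally) is the kind of thing the "suspicious external email" detection mentioned above is meant to catch. The following is an added illustration, not code from UnityPoint Health or Mimecast: it parses a raw message's headers and flags an external sender, a display name that matches a staff member but not that person's real address, and a Reply-To that diverts replies elsewhere. The domain, the staff directory and the sample messages are constructed placeholders.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed placeholders: the organization's own domain(s) and a
# display-name -> address directory of staff, as an email gateway would hold.
INTERNAL_DOMAINS = {"example-health.org"}
STAFF_DIRECTORY = {"Jane Doe": "jane.doe@example-health.org"}


def check_message(raw: str) -> list[str]:
    """Return a list of findings for one raw RFC 5322 message (empty = clean)."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    display_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_addr = from_addr.lower()
    from_domain = from_addr.rsplit("@", 1)[-1] if "@" in from_addr else ""

    # 1. Sender domain is not one of ours: candidate for an "[EXTERNAL]" tag.
    if from_domain not in INTERNAL_DOMAINS:
        findings.append("external-sender")

    # 2. Display name belongs to a known staff member, but the address does not:
    #    the classic "trusted employee" impersonation.
    expected = STAFF_DIRECTORY.get(display_name)
    if expected and from_addr != expected.lower():
        findings.append("display-name-impersonation")

    # 3. Reply-To points somewhere other than the visible sender, so the
    #    sign-in details a victim "replies" with go to a different mailbox.
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and reply_addr.lower() != from_addr:
        findings.append("reply-to-mismatch")

    return findings


# Constructed sample messages for demonstration.
SUSPECT = """From: Jane Doe <jane.doe@mail-example.net>
Reply-To: it-helpdesk@mail-example.net
To: staff@example-health.org
Subject: Urgent: confirm your sign-in details

Please confirm your username and password today.
"""

LEGIT = """From: Jane Doe <jane.doe@example-health.org>
To: staff@example-health.org
Subject: Weekly operations report

Attached is this week's report.
"""
```

A real gateway would combine these header checks with SPF/DKIM/DMARC results and a lookalike-domain comparison; this block shows only the header-level reasoning.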

In addition, employees will take part in mandatory education workshops to learn how to recognize and avoid phishing emails.

Concerned patients are advised to contact the hospital at its confidential toll-free help line at 1-888-266-9285 for more information.