Those whose social security and drivers license numbers were included in compromised accounts will be provided with one year of credit monitoring services funded by UnityPoint Health as part of its approach for mitigating the potential misuse of data and rectifying the situation.

Law enforcement agencies have reported dramatic rises in such attacks, with many carried out by international criminal organizations looking to gain financially from information retrieved. The scam, according to forensic experts and law enforcement, most likely targeted data on business funds, such as payroll or vendor payments.


Around 78 percent of providers experienced email-related cyberattacks throughout 2017, according to a survey conducted in December by Mimecast, with more than a dozen instances occurring in many individual cases. About 93 percent of respondents rated email as ‘mission critical’ in the running of their individual organization’s operations.

“Everything you can do with an email can be used as part of an attack,” David Hood, cyber resilience strategist for health care at Mimecast, told HCB News. “Attachments can be unsafe, links can be unsafe. Even the words in an email can be unsafe in the case of an impersonation attack that looks like it’s coming from someone at the organization but really originates externally.”

As part of its response, the company has implemented a series of steps to protect its systems from future attacks, including the resetting of passwords for compromised systems to prevent unauthorized access; the implementation of a multi-factor, multiple step authentication process for identity verification; and the installation of technology for detecting suspicious external emails.

In addition, employees will take part in mandatory education workshops to learn how to recognize and avoid phishing emails.

Concerned patients are advised to contact the hospital at its confidential toll-free help line at 1-888-266-9285 for more information.

Back to HCB News

Health IT Homepage