UnityPoint Health, an Iowa based healthcare provider has announced that it has become a victim of a recent email phishing scam which could have compromised the health and personal information of more than 1 million patients including social security numbers and critical financial information.
The healthcare services provider which has a network of hospitals, clinics, and home care services in Iowa, Illinois and Wisconsin says that data related to more than 1.45 million patients could have been accessed by hackers during the cyber attack that was launched on the servers holding internal email accounts between Mar 14 to April 3rd.
In a statement released on Monday, the nonprofit organization said that the attack on its servers was discovered on May 31st this year and the law enforcement and a third party security company were pressed into the service to investigate the matter in detail.
The investigation revealed that the attack was not caused by an insider threat and confirmed that some officials were tricked via email to provide login credentials to give internal email access to attackers.
All the patients who were affected by the incident have been informed via mail by Unity Point and the health services provided issued an apology for the data spill. For those people whose Social security or driving license numbers were leaked, the company is ready to offer a free credit monitoring service for one full year from June 1st, 2018. A helpline has been allotted for assisting the patients on this note and the number is 888-266-9285.
As a precautionary measure, the company has reset the passwords of all compromised accounts, implemented multi-factor authentication for users, added advanced threat detection technology and is said to conducted mandatory education for employees after the breach.