UnityPoint says the fraudulent emails were disguised to appear to have come from a trusted executive within the organization. The phishing emails tricked some employees into providing their confidential sign-in information which gave attackers access to their internal email accounts between March 14th and April 3rd of this year. Those email accounts contained various information on patients that included their Social Security numbers and may’ve included credit card and bank information as well.
A spokesperson for UnityPoint says they are not taking any questions from reporters on the issue and are sticking with information their news releases. That release includes this statement: “We take our responsibility to protect patient information very seriously and deeply regret this incident occurred,” said RaeAnn Isaacson, Privacy Officer, UnityPoint Health. “While we are not aware of any misuse of patient information related to this incident, we are notifying patients about what happened, what information was involved, what we have done to address the situation, and what patients can do to help protect their information.”
The UnityPoint statement says they are offering free credit monitoring to those impacted by the information breach. UnityPoint Health has also established a dedicated and confidential toll-free helpline at 1-888-266-9285. The helpline is available Monday through Friday, 8:00 a.m. to 8:00 p.m. Central Time. In addition, UnityPoint Health has established a dedicated website (www.unitypoint.org/security-notice) where patients can access information regarding the incident, including frequently asked questions and tips for protecting their information.