UnityPoint Health has notified around 1.4 million patients of a recent email phishing incident that may have compromised patient information.
A statement from the health system says the email attack discovered on May 31st had compromised its business email system and may have resulted in unauthorized access to protected health information and other personal information for some patients.
The company says the emails were disguised to appear to have come from one of their executives.
The emails tricked some employees into providing their confidential sign-in information which gave attackers access to their internal accounts between March 14th and April 3rd.
Electronic medical record and patient billing systems were not impacted by the attack.
UnityPoint Health will offer free credit monitoring services for one year to individuals whose Social Security number and/or driver’s license number were included in the compromised email accounts.
It’s the second time this year UnityPoint Health has been attacked.
In April the health group notified approximately 16,400 patients of a separate phishing email attack.
Past patients who have concerns may call 1-888-266-9285 for more information Monday through Friday from 8:00 a.m. to 8:00 p.m.
In addition, UnityPoint Health has established a dedicated website (www.unitypoint.org/security-notice) where patients can access information regarding the incident, including frequently asked questions and tips for protecting their information.