UnityPoint Health in West Des Moines, Iowa, notified 1.4 million patients that some of their personal information may have been compromised after hackers broke into its email system using phishing tactics, the Des Moines Register reports.
As a result of the phishing attack, hackers may have been able to access various types of patient information — including diagnoses and types of care — that were included in compromised emails. Hackers may have also obtained patients' financial information, such as bank account numbers.
UnityPoint told the publication that it does not believe hackers were looking for protected health information, but rather sought to divert payments like those for payroll or outside business expenses.
"While we are not aware of any misuse of patient information related to this incident, we are notifying patients about what happened, what information was involved, what we have done to address the situation, and what patients can do to help protect their information,” RaeAnn Isaacson, UnityPoint’s privacy officer, said in a news release July 30.
The organization is offering free credit monitoring to patients whose Social Security numbers or driver’s license numbers were exposed. It's EMR and billing systems were not affected.