As a result of the phishing attack, hackers may have been able to access various types of patient information — including diagnoses and types of care — that were included in compromised emails. Hackers may have also obtained patients’ financial information, such as bank account numbers.
UnityPoint told the publication that it does not believe hackers were looking for protected health information, but rather sought to divert payments like those for payroll or outside business expenses.
“While we are not aware of any misuse of patient information related to this incident, we are notifying patients about what happened, what information was involved, what we have done to address the situation, and what patients can do to help protect their information,” RaeAnn Isaacson, UnityPoint’s privacy officer, said in a news release July 30.
The organization is offering free credit monitoring to patients whose Social Security numbers or driver’s license numbers were exposed. It’s EMR and billing systems were not affected.
More articles on cybersecurity:
OCR issuing fewer HIPAA penalties in 2018, report suggests
Harvard, UPenn researchers use AI to predict mortality for cancer patients
Vermont agency exposes Medicaid members’ email addresses
At the Becker's 11th Annual IT + Revenue Cycle Conference: The Future of AI & Digital Health, taking place September 14–17 in Chicago, healthcare executives and digital leaders from across the country will come together to explore how AI, interoperability, cybersecurity, and revenue cycle innovation are transforming care delivery, strengthening financial performance, and driving the next era of digital health. Apply for complimentary registration now.
