UnityPoint Health

The email system was the victim of a phishing attack that compromised some employee email accounts.

UnityPoint Health promptly took action to secure the impacted email accounts, changed passwords.

UnityPoint Health determined that protected health information was contained in impacted email accounts, including patient names and one or more of the following: dates of birth, medical record numbers, treatment information, surgical information, diagnoses, lab results, medications, providers, dates of service and/or insurance information.

For a limited number of impacted individuals, information that may have been viewed included Social Security Numbers or other financial information.

Source: https://www.databreaches.net/unitypoint-health-notifying-patients-of-phishing-attack/

"id": "UNI121015622",
"linkid": "unity-point-health",
"type": "Data Leak",
"date": "04/2018",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"