DES MOINES, Iowa– It’s the second cyber security breach to hit UnityPoint Health this year.
This time, it could impact more than a million across the state.
“My entire family is affected,” Des Moines resident Steven Feathers said.
Feathers, his family and 1.4 million others received a letter from UnityPoint.
“Indicating their employees had fallen for a phishing scam and given out their credentials,” Feathers said.
This happened back in March and April 2018, UnityPoint learned of the phishing attack in May and, sent an alert to all patients nearly a month after in June.
“Quite frankly I feel violated they are not allowed to give my information out,” Feathers said.
UnityPoint says Feathers’ personal and medical information is at risk.
“Medical record number, medical information, treatment information, lab results, medication, surgical results, provider and insurance information,” Feathers said. “To have all of this information released is disconcerting”.
In a statement, UnityPoint says they are not aware of any misuse of patient information related to this and have reset all passwords, conducted training and installed a scam prevention technology.
Patients are left wondering why someone would do this.
“One reason they can use them is for fraudulent insurance claims, the other scam we see commonly is marketing things like medical devises,” Bill Pearson Assistant Iowa Attorney General said.
This isn’t a first, back in April UnityPoint notified more than 16,000 patients about a separate phishing email.
This security breach is among thirty others reported to the Iowa Attorney General’s Office in 2018.