Phishing Attack On Hospital Could Impact 1.4 Million Patients

Posted on August 3, 2018 I Written By

Anne Zieger is veteran healthcare branding and communications expert with more than 25 years of industry experience. and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also worked extensively healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

A hospital in West Des Moines, Iowa has entered its third month of public disclosure after experiencing a data breach which could impact 1.4 million patients.

On May 31st, UnityPoint Health discovered that a phishing attack on its business email system had created a breach. Its investigation found that the company got a series of fraudulent emails pretending to have come from an executive within UnityPoint. After contacting law enforcement and beginning to research the situation, UnityPoint disclosed the existence of the breach to the public.

The patient information exposed includes names, addresses, dates of birth, medical record numbers and insurance information. Cyber attackers may also have gotten access to patient Social Security numbers and/or drivers’ license numbers. In a limited number of cases, attackers might even have been able to access patients’ payment card or bank account numbers.

Since then, UnityPoint has continued to keep its patients aware of any news on the situation, a painful yet necessary process which can help it rebuild its credibility. After all, it’s likely that the news of UnityPoint’s breach will get consumers very upset.

In fact, a new survey by SCOUT in partnership with The Harris Poll found that 49% of America adults are extremely or very concerned about the security of their personal health information. Given the fact that they’ve been hit with news of such breaches very regularly in recent years, it’s little wonder.

It’s worth noting that many consumers aren’t using online healthcare tools very often. For example, while 39% of those aged 18 to 34 used online portals to access their health information, all told only 36% of Americans overall use this technology.

As their health information knowledge increases, though, most patients become more concerned with what providers do to protect the privacy and security of their healthcare data. They learn how valuable this data is to potential buyers, and how there’s a ready market for their data in clandestine, impossible-to-track sites on the Dark Web.

Also, as the tenor of news coverage shifts from technical terms like “data breach” to tales of what happened to specific consumers, it’s likely that consumers will develop a more realistic view of what’s at stake here. If they’re freaked out at that point, they’ve probably figured out how a breach could impact their lives.