UnityPoint Health Admits Data Breach Affecting 1,800 Patients


Iowa's UnityPoint Health recently announced that 1,800 hospital patients' personal information may be at risk following a breach of UnityPoint's hospital electronic medical record (EMR) system (h/t PHIprivacy.net).

During a regular audit on August 8, 2013, UnityPoint says it detected a pattern of unusual access to patient data. The company eventually determined that an individual employed by a third party and not authorized to access the EMR system had used authorized individuals' passwords to gain access to the system from February 2013 to August 2013.

In response, the company forced a password reset and reported the incident to law enforcement.

According to UnityPoint, the individual may have accessed the affected patients' names, home addresses, birthdates, medical and health insurance account numbers, and health information related to patient treatment. For less than 10 percent of those affected, Social Security numbers and/or driver's license numbers may also have been accessed. Information on four patients' financially responsible parties may have been accessed as well.

All those affected are being offered free access to a credit monitoring service, and authorized users of UnityPoint's EMR system are being provided with additional education on the company's policies regarding safeguarding EMR passwords.