UnityPoint Health, a network of hospital situated in Iowa, Illinois, and Wisconsin is alerting patients about a data breach impacting 1.4 million patients.
This is the second data breach the company has suffered in a year through the phishing attack. The first breach happened in April which compromised personal data of 16,000 patients.
The leaked data includes birth dates, Social Security numbers, medical record numbers, treatment and surgical information, diagnoses, lab results, medications, providers, insurance information, and service dates.
The company discovered the second breach on May 31, 2018, and the breach happened between March 14, 2018, and April 3, 2018.
In the second breach, the compromised data is same as the first breach but in addition to the first breach payment card details of a few patients were also compromised.
According to reports, the company’s employees were targeted by a series of phishing email disguised as they were sent from a trusted source which resulted in giving hackers access to sensitive company information.
The company has instructed employees to reset the password for all compromised accounts and has conducted a mandatory phishing class for all the employees.
The company has also installed security tools to identify suspicious emails and implemented additional security measure such as multi-factor authentication.
In July, Singapore largest health group also suffered a massive data breach exposing personal information of 1.6 million patients