UnityPoint Health in Wisconsin has revealed it was the target of a cyberattack that may have compromised the personal information of 16,000 patients.
Staff at UnityPoint in Madison discovered Saturday that a phishing attack has jeopardized staff email accounts. Employees scrambled to change passwords in the hopes of securing information and also had outside experts come in to analyze information that had possibly been compromised.
UnityPoint is the latest in a steady stream of hospitals, physician practices, health systems and medical device manufacturers to experience security incidents during the last several years around the globe.
Also: The biggest healthcare data breaches of 2018 (so far)
The situation appears to be getting at least a little better, just not quickly enough. In the United Kingdom, for instance, all 200 NHS facilities failed a cyber assessment nearly a year after the WannaCry attack shocked healthcare and other industries, the U.K. Commons Public Accounts Committee said on Friday.
“To date, we are not aware of any reports of identity fraud, theft, or improper use of information as a direct result of this incident,” Unity Point said in a statement. “However, we want to make impacted individuals aware of the situation so they can take precautionary measures to protect their health information.”
Birth dates, social security numbers, medical record numbers, treatment and surgical information, diagnoses, lab results, medications, providers, insurance information and service dates were all potentially affected.
Impacted email accounts may have been accessed between Nov. 1, 2017, and Feb. 7, 2018, reports said.
UnityPoint Health is a network of hospitals in Illinois, Iowa and Wisconsin, including UnityPoint Health-Meriter in Madison. The network also includes clinics and other services.