UnityPoint Health has revealed that over 1 million of its customers might have had their private health information hacked during a recent email attack. The company says the attack did not electronic medical records or billing information. Letters were sent out to all affected patients.

UnityPoint says that it discovered the attack on its business email back on May 31st, and notified law enforcement immediately. An investigation discovered that the company had received a series of fraudulent emails that appeared to have come from an executive with UnityPoint. Some employees then responded by giving up their confidential sign-in information. That gave the attackers access to the worker's email access between March 14th and April 3rd.

Patient information that might have been stolen includes names, addresses, date of birth, medical record numbers, and insurance information. The attackers might have also gained access to Social Security numbers and drivers license information.

UnityPoint is offering free credit monitoring services for one year, for any patient that had their Social Security number of driver's license number stolen. Patients who are concerned they might have been affected can call 1-888-266-9285 for more information.

 

[via KCRG]