UnityPoint Health, a multi-hospital group serving parts of Iowa, Illinois, and Wisconsin, is alerting 1.4 million patients to the second data breach the company has suffered this year. And it's not just the second breach; it's the second breach initiated through a phishing attack.
In the first attack, which occurred in April, was reported to jeopardize employee email accounts which could lead to the compromise of birth dates, Social Security numbers, medical record numbers, treatment and surgical information, diagnoses, lab results, medications, providers, insurance information, and service dates.
The most recent breach also targeted employee email accounts, with the most recent exploit possibly adding payment card information to the lost data mix.
UnityPoint reports that it has reset email passwords, added anti-phishing training for employees, and deployed additional anti-phishing technology.