1.4 million patient records breached in UnityPoint Health phishing attack

UnityPoint Health has suffered a second breach this year, with 1.4 million patient records potentially compromised during a phishing attack. The attack, which occurred between March 14 and April 3, targeted the health system’s business email system. The breach is believed to be financially motivated, and while EHR and billing systems were not impacted, the hacked accounts did contain protected health information, payment card details, and social security numbers. UnityPoint has taken measures to enhance cybersecurity, including resetting passwords and implementing multi-factor authentication.