UnityPoint Security Breach Puts Records of 1,800 Patients at Risk

By Erin Jordan, Reporter


By Katie Stinson


Personal information of 1,800 UnityPoint Health patients, including about 350 patients in the Cedar Rapids area, may be at risk following a security breach in the network’s electronic medical record.

Hospital employees discovered the breach Aug. 8 during a regular security audit, UnityPoint Spokeswoman Laura Sinnard said. They traced the breach back to an authorized user who gave the log-in and password information to someone else, who tapped into the records with high enough frequency to raise red flags during the audit, Sinnard said.

UnityPoint forced a password reset and reported the breach to the FBI, which is investigating.

Information that may have been accessed for affected patients includes names, home addresses, dates of birth, Social Security Numbers, medical account numbers, health insurance account numbers and Driver’s License Numbers, health information about patient treatment, and information about the patient’s financially-responsible party.

The unauthorized access occurred from February through August for patients across the state.

UnityPoint sent letters to all affected patients and is offering credit monitoring and identity-protection assistance to those affected. So far, no one has reported any fraud or theft, Sinnard said.

Authorized users of the UnityPoint Health Electronic Medical Record (EMR) are being provided additional education on existing procedures, including the importance of safe-guarding their password, Sinnard said.

“We do take the security of our patient information very seriously,” she said.

Des Moines-based UnityPoint Health, which includes St. Luke’s Hospital in Cedar Rapids, is a system of 30 hospitals and 280 physician clinics, as well as home care services in Iowa and Illinois. The network was called Iowa Health System before an April name change.

Neither party involved in the security breach is a UnityPoint employee, but the authorized user had access as part of the network partnerships, Sinnard said.

Conversation Guidelines

Be Kind

Don't use abusive, offensive, threatening, racist, vulgar or sexually-oriented language.
Don't attack someone personally. Keep it civil and be responsible.

Share Knowledge

Be truthful. Share what you know and what you are passionate about.
What more do you want to learn? Keep it simple.

Stay focused

Promote lively and healthy debate. Stay on topic. Ask questions and give feedback on the story's topic.

Report Trouble

Help us maintain a quality comment section by reporting comments that are offensive. If you see a comment that is offensive, or you feel violates our guidelines, simply click on the "x" to the far right of the comment to report it.

read the full guidelines here »

Commenting will be disabled on stories dealing with the following subject matter: Crime, sexual abuse, property fires, automobile accidents, Amber Alerts, Operation Quickfinds and suicides.

facebook twitter rss mobile google plus
email alerts you tube hooplanow pinterest instagram

What's On KCRG