UnityPoint Health reaches proposed $2.8 million settlement in 2018 data breach case

(KCRG) - UnityPoint Health has reached a proposed $2.8 million settlement after two years of litigation over the two phishing-related data breaches that occurred in 2018.

The 1.4 million victims of the data breach will receive monetary and injunctive relief, including one year of comprehensive credit monitoring and identity theft protection services. Additionally, the victims will receive reimbursement of expenses for the cost of credit monitoring and identity theft protection services.

UnityPoint said it has conducted a full investigation and implemented new safeguards to reduce the likelihood of a similar incident happening again.

On May 31, 2018, UnityPoint discovered the attack on its business email system, notified law enforcement, and started a computer forensices investigation. That Some employees then provided their confidential sign-in information, giving attackers access to the workers' internal email accounts between March 14 and April 3 of 2018. Some of those worker email accounts included emails or attachments containing protected health information and/or personal information for some patients.

Some employees then provided their confidential sign-in information, giving attackers access to the workers' internal email accounts between March 14 and April 3 of this year. Some of those worker email accounts included emails or attachments containing protected health information and/or personal information for some patients.

Patient information possibly included names, addresses, dates of birth, medical records numbers, and insurance information. The attackers might also have gained access to patients’ Social Security numbers and/or driver’s license numbers. UnityPoint said a payment card or bank accounty number might also have been accessed for a limited number of patients.

Copyright 2020 KCRG. All rights reserved.