Mercy Iowa City reports data breach, over 60,000 Iowans affected

A data breach that could have exposed thousands of Iowans' personal data took place this year at Mercy Iowa City.
Published: Nov. 17, 2020 at 8:25 PM CST
Email This Link
Share on Pinterest
Share on LinkedIn

IOWA CITY, Iowa (KCRG) - Unauthorized access to a hospital email account may have revealed the personal information of tens of thousands of Iowans, officials revealed in a letter to those potentially affected.

Mercy Iowa City, and the Chicago-based Polsinelli law firm representing the hospital, said that 60,473 residents of Iowa may have been involved in the security breach, according to the letter sent to those potentially affected dated November 13. The letter says that names, Social Security numbers, driver’s license numbers, dates of birth, medical treatment information, and health insurance information could have been revealed in the incident.

The hospital discovered the issue with an employee’s email account on June 24, 2020, after it was detected that it was sending out spam and phishing emails. The account had been compromised from May 15, 2020, until June 24, according to an investigation. In early October, a security firm that Mercy hired to conduct a more in-depth investigation confirmed that the account could have revealed sensitive customer data.

A copy of the letter was filed with the Office of the Attorney General of Iowa by Polsinelli.

Mercy officials have not been made aware of any instances of identity theft related to this data breach, according to the letter. In cases where a Social Security number or driver’s license number was revealed, the company is providing a year of complimentary identity theft protection through a third-party.

The hospital said that it has taken steps to prevent similar incidents in the future.

Copyright 2020 KCRG. All rights reserved.