Cyber Incident Victim: UnityPoint Health
Date: Mar 2018
Location: United States of America
Summary
UnityPoint Health experienced a phishing attack in which employees were deceived by emails impersonating an executive, leading to compromised login credentials and unauthorized access to internal email systems. The breach potentially exposed protected health information and personal data of approximately 1.4 million patients through accessed emails and attachments. While unauthorized access occurred, there was no reported misuse of the affected patient information at the time of disclosure.
Description
In March and April 2018, UnityPoint Health experienced a phishing attack that compromised employee email accounts and exposed sensitive patient data. Between March 14 and April 3, attackers sent fraudulent emails impersonating a trusted company executive, successfully deceiving employees into disclosing their login credentials. This unauthorized access enabled attackers to infiltrate internal email systems for nearly three weeks. The compromised accounts contained emails and attachments with protected health information and personal details of approximately 1.4 million patients, including standard operational reports used in healthcare administration. UnityPoint Health publicly disclosed the breach in August 2018 through local media outlets and official notices, confirming the attack vector as credential theft through executive impersonation. The organization acknowledged that patient information may have been accessed but emphasized that no evidence of actual data misuse had been identified during its investigation.

The incident impacted patient records containing both medical and personal identifiers, though specific data types weren't enumerated beyond general references to protected health information. UnityPoint Health initiated breach notifications to affected individuals and regulatory bodies as required by healthcare privacy regulations. While the organization didn't detail technical containment measures in public statements, the unauthorized access period concluded by April 3, 2018. Security experts cited in media reports highlighted the healthcare sector's vulnerability to such targeted phishing campaigns, particularly those exploiting organizational hierarchies to bypass employee skepticism. The breach underscored operational risks associated with email-based workflows handling sensitive patient data, though UnityPoint Health's disclosure maintained that no clinical systems or medical devices were directly compromised beyond the email accounts themselves.
