CEDAR RAPIDS, IA (KCRG-TV9) -- More 1.4 million patients may have had their private health information exposed in a recent phishing email attack, according to UnityPoint Health.
Unity Point says it discovered the attack at the end of May and notified the people affected today. They were patients at St. Luke's Hospital in Cedar Rapids, Finley Hospital in Dubuque, Allen Hospital in Waterloo and several others.
The hackers may have gotten information, including payment card or bank account numbers, medical records, addresses and medications.
Ed Leighton-Dick is the President of the data security firm Kingfisher Technologies in Cedar Rapids. He says phishing is a very popular form of hacking, and that the healthcare industry is a big target.
He says, "There's so much valuable information contained in medical records. Everything from a patient's date of birth, frequently a driver's license number, your full name."
Some other tips are hovering over links inside the email to see where they go. He also notes that phishing emails are not well written.
He says, "Badly spelled words, badly written language, badly placed images in the text. Things that just don't seem to make sense. Broken links can also be a good sign of a phishing email."
He says it's hard for anti-virus software to spot those emails. He explains. "Most anti-virus and malware programs are designed to look for those attachments that may be bad. They're not looking for an email from your bank for example that might be slightly different."
Leighton-Dick says UnityPoint patients who had their information compromised should be checking their bank accounts and credit reports to make sure nothing has changed.
UnityPoint says it's not aware of any misuse of patient information, but it is offering one year of free credit monitoring for people whose information was compromised.
UnityPoint has also created a website where patients may access information about the incident.