UnityPoint hospital patient records compromised
Records and personal information for about 1,800 patients of UnityPoint Health, which includes four Trinity locations in the Quad Cities area, were accessed by someone who wasn’t supposed to get into the system.
A spokesperson for UnityPoint Health said they discovered a security breach during a routine audit August 8, 2013. The audit showed a pattern of unusual access to certain patient information. An internal investigation revealed an unauthorized person, employed by a third party, used passwords of people with access to get into the electronic medical records system between February and August 2013.
The spokesperson did not identify the third party for whom the unauthorized person worked.
Names, home addresses, birthdates, health information and medical and insurance account numbers may have been accessed during the security breach. Social Security and/or driver’s license numbers may have been viewed for less than ten percent of the estimated 1,800 patients whose records were accessed.
In four of the cases, the unauthorized person also got into information about the person financially responsible for the patient.
“UnityPoint shut off the unauthorized access by forcing a password reset and reported the matter to law enforcement. The law enforcement investigation is ongoing,” said a statement on behalf of UnityPoint.
Letters were sent to all of the patients whose records were affected by the breach.
An information line was set up to handle questions about this security breach at (877) 223-3817. Callers will need to use reference number 6688100113. The call center is available Monday through Friday, 8:00 a.m. to 6:00 p.m. Central Time.
Questions can also be emailed to UnityPoint Health at firstname.lastname@example.org, or submitted by mail at 1776 West Lakes Parkway Suite 400, West Des Moines, IA 50266 Attn: Privacy Officer.
A similar incident happened in May and June 2013, when thousands of Genesis Health Systems patient records were compromised. That security lapse was blamed on a medical transcription company used by a physicians’ group associated with Genesis Health Systems.