An information breach at an Iowa hospital has uncovered the Social Safety numbers and personal medical info of greater than 60,000 sufferers.
Mercy Iowa City started notifying sufferers on November 13 of an information breach that occurred in spring 2020 after an worker’s e-mail account was accessed by a menace actor.
The hospital detected the breach on June 24 when the focused account started sending out phishing emails and spam. An investigation revealed that the hacked account had been compromised between Could 15 and June 24.
Safety consultants introduced in to scrutinize the incident confirmed in October that delicate affected person information may have been accessed by the attacker.
Knowledge uncovered could have included names, Social Safety numbers, driver’s license numbers, and medical insurance info.
Chicago-based Polsinelli legislation agency, representing the hospital, mentioned that 60,473 Iowa residents could have been impacted by the safety incident.
In a letter despatched out to affected Iowa residents on the hospital’s behalf, Bruce Radke of Polsinelli acknowledged: “Mercy is just not conscious of any fraud or identification theft to any particular person on account of this incident. Nonetheless, as a result of there was an e-mail account compromise, Mercy searched the impacted account to find out if it contained any private info which will have been seen by the third occasion.
“Mercy decided that the compromised account contained sure private info, together with, relying on the particular person, their title, Social Safety quantity, driver’s license numbers, date of beginning, medical remedy info, and medical insurance info.”
Mercy Iowa Metropolis is providing one 12 months of complimentary identification theft safety companies to sufferers whose driver’s license numbers and Social Safety numbers could have been compromised.
The hospital mentioned that it’s implementing a collection of cybersecurity measures together with multi-factor authentication to stop any extra breaches from occurring.
“Now we have taken steps to scale back the danger of the kind of incident occurring sooner or later, together with enhancing our technical safety measures,” mentioned Mercy’s privateness officer, Kelli Hale.
This newest information spill is the second and worst breach to happen at Mercy Iowa Metropolis. In 2016, the acute care hospital reported a safety breach which will have uncovered the knowledge of 15,625 sufferers.