Contact: Laura Sinnard, Director, Public Relations & Communications
Laura.email@example.com or (515)241-3600
West Des Moines, IA — Personal information of approximately 1800 hospital patients from across the regions of UnityPoint Health may be at risk following a security breach in the UnityPoint hospital electronic medical record (EMR) system. On August 8, 2013, during the course of a regular audit, UnityPoint detected a pattern of unusual access to certain patient data in its hospital EMR system. UnityPoint opened a review and subsequently learned that an individual employed by a third-party, and not authorized to access the EMR system, had gained access to the EMR system by using the password of individuals who were authorized to access the EMR for medical purposes.
UnityPoint shut off the unauthorized access by forcing a password reset and reported the matter to law enforcement. The law enforcement investigation is ongoing.
Individuals seeking more information or to ask questions directly, may call a special toll-free line which has been set up for this event at (877) 223-3817. Callers will need to use reference number 6688100113. The call center is available Monday through Friday, 8:00 a.m. to 6:00 p.m. Central Time.
The information that may have been accessed for the impacted patients include names, home addresses, dates of birth, medical and health insurance account numbers, and health information related to patient treatment. In addition, for less than ten percent of impacted patients, patient Social Security number and/or Driver’s License number may have been viewed. For four impacted patients, the unauthorized user also accessed information about the patients’ financially responsible party. The unauthorized access occurred over a period from February 2013 through August 2013.
UnityPoint has sent letters to all affected patients, and is offering a credit monitoring product to living adults and families of minors affected. Authorized users of the UnityPoint EMR are being provided additional education on UnityPoint’s strict policies regarding safeguarding their EMR password. In addition, UnityPoint is continuing to implement additional audits to minimize the risk of a similar incident in the future.
Individuals may also email UnityPoint Health at
firstname.lastname@example.org, or may contact UnityPoint Health at: 1776 West Lakes Parkway Suite 400, West Des Moines, IA 50266 Attn: Privacy Officer.