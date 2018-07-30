MADISON, Wis. - UnityPoint Health is notifying patients of another security breach after a new phishing scam within the health company.

This is the second time UnityPoint Health has sent out a release of this nature in four months. In April, UnityPoint Health sent an alert to 16,400 patients about a separate phishing email attack.

UnityPoint Health received a series of "phishing" emails that compromised its business email system and may have resulted in unauthorized access to protected health information and other personal information for some patients. The emails sent to UnityPoint Health employees were disguised to appear to have come from a trusted executive, tricking some employees into providing their confidential sign-in information, which gave attackers access to their internal email accounts from March 14 to April 3, according to a notice from the company.

On May 31 officials discovered that some of the compromised accounts included emails or attachments to emails containing protected health information and other personal information for some patients.

Information involved in the phishing attack could include patient names, dates of birth, medical record numbers, treatment information, surgical information, diagnoses, lab results, medications, providers, dates of service and/or insurance information, according to the notice. In some cases, Social Security numbers, driver's license numbers and credit card and bank information could have been involved.

UnityPoint Health's medical record and billing systems were not impacted by the phishing email attack.

"We take our responsibility to protect patient information very seriously and deeply regret this incident occurred," the notice read. "Upon learning of this attack, we informed law enforcement authorities and launched an investigation with an expert computer forensics firm. We have taken a number of important steps to further protect our system and prevent similar situations from happening in the future.

Officials with the health company said in response to the attack officials have reset passwords for compromised accounts, provided mandatory education for employees on how to avoid phishing emails, added new technology to identify suspicious external emails and issued multifactor identification.

Officials said they are not yet aware of any reports of identity fraud, identity theft or improper use of patient information as a result of this incident.

Law enforcement officials are investigating the attack, but UnityPoint Health officials said they do not know who accessed the accounts.

For more information, call UnityPoint Health's helpline at 1-888-266-9285 or go to their website.