One of Iowa’s main hospital and clinic systems has notified about 1.4 million patients that their personal information might have been breached.
“While we are not aware of any misuse of patient information related to this incident, we are notifying patients about what happened, what information was involved, what we have done to address the situation, and what patients can do to help protect their information,” RaeAnn Isaacson, UnityPoint’s privacy officer, said in a press release Monday.
The hackers also might have obtained some patients’ financial information, such as bank account numbers, UnityPoint said.
The hackers used official-looking emails to obtain employees’ passwords, leading to the breach, the company said. The company said after it discovered the problem May 31, it hired outside experts and notified the FBI.