Mercy Iowa City phishing attack impacts 60K patients

Mercy Iowa City hospital recently announced that an employee’s email account was compromised, potentially exposing thousands of patients’ protected health information (PHI).

What happened?

On June 24, 2020, the hospital noticed unusual activity from an employee’s email account. The team discovered a hacker had compromised the account and sent spam and phishing emails beginning on May 15, 2020.

The email account had access to about 60,000 patients’ personal information, including names, social security numbers, birth dates, driver’s license numbers, and health insurance information.

How did the hacker gain access to an employee email account?

“Like the vast majority of incidents, this breach reportedly started with a phishing email that compromised an employee’s email account,” said Lisa Plaggemier, chief strategy officer at MediaPro.

Cyberattacks on healthcare providers are becoming increasingly common as the pandemic continues. A recent study claims that Q3 2020 saw a 50% increase in daily ransomware attacks as compared to the first half of the year.

How Mercy Iowa City responded to the hack

Mercy’s investigation showed no evidence of identity theft related to the data breach. However, the company is offering a year of complimentary identity theft protection and credit monitoring to patients who had information exposed.

Mercy took steps to prevent the situation from happening again by enhancing technical safeguards and implementing two-factor authentication.

The hospital now faces an investigation from the Office of Civil Rights (OCR) for HIPAA violations relating to the breach. Mercy may also face additional fines since healthcare providers are supposed to report any data breaches within 60 days of discovery, which Mercy failed to do. The hospital publicly reported the breach five months after noticing the email security compromise.

How Paubox can help prevent similar attacks

Preventing your employees from falling victim to phishing emails is critical to keeping your email security robust.

Although employee training on recognizing ransomware attacks, spam, and phishing emails can be a critical safeguard against cyberattacks, it’s imperative to put up technical safeguards that prevent human error.

Paubox Email Suite Plus provides HIPAA compliant email and numerous security features to keep your email protected against cybercriminals.

Our inbound security tools prevent threats like phishing, spam, viruses, and malware from entering the user’s inbox. The suite also includes two-factor authentication, which means a user will need more than a username and password to gain access to an account.

For maximum security, you can also upgrade to Paubox Email Suite Premium, which includes data loss prevention (DLP). This feature prevents a user from sending PHI, whether maliciously or unintentionally, to unauthorized users.

Prevent damage to your patients and company by making your email security as robust as possible with Paubox.

Try Paubox Email Suite Premium for FREE today.

About the author

Sara Nguyen
