UnityPoint Health to pay $2.8M+ settlement over phishing attacks: 6 details

West Des Moines, Iowa-based UnityPoint Health agreed to settle a proposed class action claim related to two cybersecurity concerns that compromised patient information, according to Law360.

Six things to understand:

The health system reported a preliminary phishing attack that began in November 2017 and reported in February 2018. The health system alerted afflicted individuals of the very first data breach around April 17, 2018 and the 2nd data breach around Aug. 2, 2018.

2. The first phishing attack compromised 16,429 clients details and the 2nd breach possibly affected 1.4 million people. After the breaches, the health system carried out two-factor authentication to avoid future attacks.

3. The class action claim declares the health system didnt alert clients of the breach in a timely manner and informed clients Social Security numbers werent jeopardized, but they were.

4. UnityPoint Health consented to a minimum of $2.8 million settlement on June 26, covering monitoring expenses. The settlement likewise enables up to $1,000 per person in normal costs and as much as $6,000 in extraordinary expenditures per individual.

5. The settlement allows those impacted to delay credit tracking for a default and a year payment of time invested for $15 per hour for approximately three hours per individual.

6. There is not an international cap on settlement benefits, so all members of the settlement calss can acquire complete payment for valid claims.

More short articles on cybersecurity:10 health system malware, ransomware and phishing events this monthUCSF pays $1M+ ransom to unlock medical schools computer systemsUF Health organisation associate email hack exposes details of health strategy members

The health system reported a preliminary phishing attack that began in November 2017 and reported in February 2018. The health system informed afflicted people of the first information breach around April 17, 2018 and the second data breach around Aug. 2, 2018.

© Copyright ASC COMMUNICATIONS 2020. Intrigued in LINKING to or REPRINTING this material? View our policies by click on this link.

UnityPoint Health concurred to a minimum of $2.8 million settlement on June 26, covering monitoring expenses.

After the breaches, the health system executed two-factor authentication to prevent future attacks.