DES MOINES, Iowa (AP) – A health system that operates multiple hospitals and clinics in Iowa says someone had unauthorized access to the personal records of about 1,800 patients. UnityPoint Health said in a news release Wednesday that the unidentified individual may have viewed names, insurance account numbers, as well as Social Security numbers and driver’s license numbers.
Letters have been sent to affected patients about the security breach, which occurred between February and August. They will be offered a credit-monitoring service, and law enforcement is investigating the incident.
UnityPoint said the person who viewed the records was employed through a third-party and used other people’s passwords to get into the electronic medical record system. UnityPoint, previously called Iowa Health System, operates in both Iowa and Illinois.