The Unity Point Health System in Iowa must notify 1,800 patients that their records were compromised. An employee of a third party contractor of the Health System had unauthorized access to the records when logging into records in the electronic health record system. The individual reportedly accessed the records between February and August 2013.
The data in the records included name, address, date of birth, health insurance, medical diagnosis and other health information. Some records included Social Security number and driver’s license number.
The Health System is offering free credit monitoring to the impacted individuals, consistent with the breach notification requirements under HIPAA.