Data breach at IVH reported
On Friday, the Iowa Veterans Home began notifying 2,969 persons, including residents, former residents, and applicants, that medical and financial information may have been exposed.
Google and the State of Iowa were targeted with multiple phishing email campaigns in February 2017. In response to the phishing email, three IVH employees provided their credentials, which inadvertently gave the hacker access to their email accounts. The Office of the Chief Information Officer and the Iowa Veterans Home jointly responded and coordinated the recovery of the incident and have worked together to implement additional measures to prevent a similar occurrence in the future, according to an email from IVH Commandant Jodi Tymeson.
The three employee email accounts could have potentially been accessed by the hacker during the short timeframe before access was blocked. At this time, the IVH does not have any evidence to indicate the hacker actually accessed any of the exposed emails, however, in an overabundance of caution, “we are including every possible person, estimated at 2,969 in the notification process. The types of information that may have been accessed include, but are not limited to: name, mailing address, phone number, medical information, and social security number,” Tymeson said.
The IVH is posting a website notice at http://www.ivh.iowa.gov and providing a toll-free telephone number at (800) 645-4591 for those who may have questions.