A press release was released last Friday by Revere Health, a healthcare company located in the US. The statement involves the healthcare company’s exposure to a phishing attack via email sent towards a healthcare company which resulted in endangering the medical records of about 12,000 patients. This also includes the records of cardiology practice patients in St. George.
On the 21st of June, a Revere Health employee’s email got breached for over 40 minutes. As stated by the company, they assume that the hackers did not intentionally release the patients’ medical records and were targeting to launch other kinds of phishing emails to other employees instead. This conclusion has come upon them after investigating the incident for a couple of months. They have found out that the exposed patient medical reports were not shared online and therefore concluded that it is a “low-level risk”. They have advised the affected patients to be wary and monitor if any of their medical records begin to be shared online.
As reported from the press release of Revere Health, the medical records information that was exposed because of the breach includes record numbers, birthdays, insurance provider names, and medical procedures.
In addition, there is no financial data such as credit card information was included in the list of the exposed details.
Furthermore, the spokesperson of Revere Health informed the public that they will conduct cybersecurity training and awareness from the IT department towards their employees who will click on any test-phishing emails that they send out as a test for the whole organization. This is one of their ways to enhance the company’s tech security protocols. They also strongly advise all employees to ensure each content of an email they are receiving before clicking any attached links, including carefully reading the sender’s email address.