Revenue Cycle Management Company Reports Healthcare Data Breach Impacting 250K

February 24, 2023 - Revenue cycle management company Reventics recently notified 250,918 individuals of a healthcare data breach that impacted some patient information. Reventics detected a cyber intruder within its systems on December 15, 2022 and immediately began investigating the incident.

Memphis, Tennessee-based Regional One Health posted a notice on its website informing patients of the breach – Reventics is a third-party business associate of the Tennessee health system.

The incident potentially exposed patient names, addresses, medical record and patient account numbers, Social Security numbers, dates of birth, driver’s license numbers, health plan names and IDs, financial information, and clinical data.

“In the aftermath of the incident and on an ongoing basis, Reventics internal teams continue to work diligently with their third-party cybersecurity consultants to further fortify Reventics’ systems,” the notice stated.

“Reventics was able to quickly contain the cyber-intruder and continue operations uninterrupted.”

After resolving the breach, Reventics said it implemented updated technical safeguards, including new encryption controls and an updated security risk analysis process. Reventics also provided additional security training for workforce members.

Healthcare Vendor Reports Data Breach

Intelligent Business Solutions (IBS) disclosed a data breach that impacted the personal information of its clients’ patients. According to a notice provided to the Massachusetts Attorney General’s Office, Southeastern Virginia-based Riverside Health System was impacted by the event. Riverside utilizes IBS’ services in relation to its cardio thoracic patients.

IBS discovered suspicious activity within its network on November 14, 2022 and later determined that an unauthorized party had potentially accessed certain systems.

The data impacted by the breach may have included Social Security numbers, health insurance information, medical treatment and procedure information, and names.

“This investigation and response included confirming the security of our systems, reviewing the contents of relevant data for sensitive information, and notifying impacted individuals associated with that sensitive information,” IBS stated.

“Although IBS had policies and procedures surrounding data security at the time of the incident, as part of our ongoing commitment to the privacy of personal information in our care, we are reviewing our policies and procedures to reduce the likelihood of a similar future event.”

Years-Long mscripts Breach Impacts 66K

Mobile pharmacy solutions provider mscripts reported a breach to OCR that impacted more than 66,000 individuals. According to a notice on its website, mscripts recently discovered that certain files in cloud storage were accessible from the internet between September 30, 2016 and November 18, 2022.

Upon discovery, mscripts said it took action to change the access settings and launch an investigation. The accessible data included prescription order summaries and images of prescription bottles and insurance cards submitted by patients through the mscripts app or website.

“We regret that this incident occurred,” mscripts stated. “mscripts® has already taken measures to address the underlying issue and will continue to look for ways to further enhance the security measures applicable to the services we provide.”

mscripts notified customers on behalf of the following entities:

• Banner Health
• Brookshire Brothers
• Costco Wholesale Corporation
• Giant Eagle Inc
• Meijer Pharmacy

Although mscripts said it had no indication that any of the information had been improperly used or accessed, it encouraged individuals to closely review billing statements and prescription order confirmations.

Automotive Company Suffers Ransomware Attack, Health Plan Data Impacted

Michigan-based Teijin Automotive Technologies suffered a ransomware attack in December 2022 that impacted the protected health information (PHI) of 25,464 current and former employees. The attack began when an employee unknowingly clicked a malicious link in a phishing email, a notice on the company’s website stated.

The data involved in the incident related to participation in the company’s Group Health Plan and may have included names, Social Security numbers, health insurance policy information, dates of birth, addresses, and some banking information.

Teijin said that it does not believe any medical information was maintained on the impacted servers.

“The security and confidentiality of personal employee information and the business information of our customers is critical to Teijin Automotive Technologies,” said Teijin CEO Chris Twining.

“We are sorry this incident occurred and apologize to our employees, customers and affected individuals. We have taken additional steps to strengthen the security of our data, including enhancing our security procedures, investing in new technology, and requiring additional training for our employees.”