Reventics, LLC

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Reventics, LLC Data Breach Overview

Reventics, LLC, a Florida-based company offering revenue cycle management, clinical documentation, and quality improvement services, suffered a significant data breach in December 2022. The breach was detected on December 15, 2022, when anomalies in the company’s systems were noticed, leading to the discovery of an intrusion and encryption of files by a cyber intruder[6]. The breach resulted in the exfiltration of sensitive patient and customer data, including names, Social Security numbers, dates of birth, financial information, and protected health information (PHI)[1][4][6].

Impact and Response

The breach affected a substantial number of individuals, initially reported as 250,918, but later revised to 4,212,823[11]. The compromised data was serious enough to enable identity theft practices, and there were concerns that the information might have been posted on the dark web[2]. Reventics responded by implementing new technical safeguards, including encryption controls, updating their security risk analysis process, and providing additional security training for workforce members[4]. They also offered credit and identity monitoring services to those affected[6].

Legal Actions and Investigations

Following the breach, Reventics faced multiple legal challenges and investigations. Wolf Haldenstein Adler Freeman & Herz LLP, a consumer rights law firm, began investigating claims on behalf of patients whose information may have been stolen[2]. A class action lawsuit was filed against Reventics, alleging that the company failed to adequately protect the personally identifiable information and PHI during the breach[5]. The lawsuit claims that Reventics was negligent and unjustly enriched, and it violated the Colorado Consumer Protection Act[5]. Another investigation by Schubert Jonckheer & Kolbe LLP looked into Reventics’ conduct for allegedly delaying the notification of the breach to consumers[7].

Additional Information

The Royal ransomware group was reported to have added Reventics to their dark web leak site, leaking more than 16 GB of files, which they claimed was only 10% of what they exfiltrated[6]. The breach details were also reported to the U.S. Department of Health and Human Services (HHS), and the incident was noted for its potential HIPAA violations[7][9].

Recommendations for Affected Individuals

Individuals affected by the Reventics data breach are advised to monitor their credit for unusual activities and consider taking advantage of the credit and identity monitoring services offered. It is also recommended to stay vigilant for any suspicious communications that may be phishing attempts or scams related to the breach.

Conclusion

The Reventics data breach is a significant event with far-reaching consequences for the individuals whose data was compromised. The company has taken steps to improve its security measures and is facing legal scrutiny for its handling of the breach. Affected individuals should take proactive steps to protect their identities and monitor for any misuse of their personal information.

Citations:

  1. https://www.idstrong.com/data-breaches/reventics-llc-breach/
  2. https://www.prnewswire.com/news-releases/reventics-llc-data-breach-alert-issued-by-wolf-haldenstein-adler-freeman–herz-llp-301757344.html
  3. https://www.doj.nh.gov/consumer/security-breaches/documents/reventics-20230303.pdf
  4. https://healthitsecurity.com/news/revenue-cycle-management-company-reports-healthcare-data-breach-impacting-250k
  5. https://topclassactions.com/lawsuit-settlements/privacy/data-breach/reventics-failed-to-prevent-data-breach-class-action-alleges/
  6. https://www.databreaches.net/reventics-notifying-patients-of-ransomware-incident/
  7. https://www.prnewswire.com/news-releases/consumer-alert-reventics-inc-faces-class-action-investigation-for-failure-to-adequately-protect-or-notify-customers-of-medical-data-breach-301773647.html
  8. https://www.scmagazine.com/news/patient-data-stolen-centrastate-cyberattack-impacting-617k
  9. https://www.bankinfosecurity.com/reventics-lawsuit-a-21404
  10. https://www.prnewswire.com/news-releases/omega-healthcare-completes-acquisition-of-apexonhealth-and-vasta-global-301524533.html
  11. https://www.hipaajournal.com/february-2023-healthcare-data-breach-report/
  12. https://www.wcpo.com/money/consumer/dont-waste-your-money/how-to-tell-if-opm-data-breach-letter-is-real-or-a-scam
  13. https://www.law360.com/articles/1583323/software-co-draws-class-action-over-medical-data-breach
  14. https://oag.ca.gov/privacy/databreach/list
Breach Submission Date Feb 10, 2023
Converted Entity Name Reventics, LLC
Converted Entity Type Business Associate
State FL
Individuals Affected 4,212,823
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes