Reventics, LLC
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Reventics, LLC Data Breach Overview
Reventics, LLC, a Florida-based company offering revenue cycle management, clinical documentation, and quality improvement services, suffered a significant data breach in December 2022. The breach was detected on December 15, 2022, when anomalies in the company’s systems were noticed, leading to the discovery of an intrusion and encryption of files by a cyber intruder[6]. The breach resulted in the exfiltration of sensitive patient and customer data, including names, Social Security numbers, dates of birth, financial information, and protected health information (PHI)[1][4][6].
Impact and Response
The breach affected a substantial number of individuals, initially reported as 250,918, but later revised to 4,212,823[11]. The compromised data was serious enough to enable identity theft practices, and there were concerns that the information might have been posted on the dark web[2]. Reventics responded by implementing new technical safeguards, including encryption controls, updating their security risk analysis process, and providing additional security training for workforce members[4]. They also offered credit and identity monitoring services to those affected[6].
Legal Actions and Investigations
Following the breach, Reventics faced multiple legal challenges and investigations. Wolf Haldenstein Adler Freeman & Herz LLP, a consumer rights law firm, began investigating claims on behalf of patients whose information may have been stolen[2]. A class action lawsuit was filed against Reventics, alleging that the company failed to adequately protect the personally identifiable information and PHI during the breach[5]. The lawsuit claims that Reventics was negligent and unjustly enriched, and it violated the Colorado Consumer Protection Act[5]. Another investigation by Schubert Jonckheer & Kolbe LLP looked into Reventics’ conduct for allegedly delaying the notification of the breach to consumers[7].
Additional Information
The Royal ransomware group was reported to have added Reventics to their dark web leak site, leaking more than 16 GB of files, which they claimed was only 10% of what they exfiltrated[6]. The breach details were also reported to the U.S. Department of Health and Human Services (HHS), and the incident was noted for its potential HIPAA violations[7][9].
Recommendations for Affected Individuals
Individuals affected by the Reventics data breach are advised to monitor their credit for unusual activities and consider taking advantage of the credit and identity monitoring services offered. It is also recommended to stay vigilant for any suspicious communications that may be phishing attempts or scams related to the breach.
Conclusion
The Reventics data breach is a significant event with far-reaching consequences for the individuals whose data was compromised. The company has taken steps to improve its security measures and is facing legal scrutiny for its handling of the breach. Affected individuals should take proactive steps to protect their identities and monitor for any misuse of their personal information.
Citations:
- https://www.idstrong.com/data-breaches/reventics-llc-breach/
- https://www.prnewswire.com/news-releases/reventics-llc-data-breach-alert-issued-by-wolf-haldenstein-adler-freeman–herz-llp-301757344.html
- https://www.doj.nh.gov/consumer/security-breaches/documents/reventics-20230303.pdf
- https://healthitsecurity.com/news/revenue-cycle-management-company-reports-healthcare-data-breach-impacting-250k
- https://topclassactions.com/lawsuit-settlements/privacy/data-breach/reventics-failed-to-prevent-data-breach-class-action-alleges/
- https://www.databreaches.net/reventics-notifying-patients-of-ransomware-incident/
- https://www.prnewswire.com/news-releases/consumer-alert-reventics-inc-faces-class-action-investigation-for-failure-to-adequately-protect-or-notify-customers-of-medical-data-breach-301773647.html
- https://www.scmagazine.com/news/patient-data-stolen-centrastate-cyberattack-impacting-617k
- https://www.bankinfosecurity.com/reventics-lawsuit-a-21404
- https://www.prnewswire.com/news-releases/omega-healthcare-completes-acquisition-of-apexonhealth-and-vasta-global-301524533.html
- https://www.hipaajournal.com/february-2023-healthcare-data-breach-report/
- https://www.wcpo.com/money/consumer/dont-waste-your-money/how-to-tell-if-opm-data-breach-letter-is-real-or-a-scam
- https://www.law360.com/articles/1583323/software-co-draws-class-action-over-medical-data-breach
- https://oag.ca.gov/privacy/databreach/list