A healthcare employee of Revere Health, the largest healthcare firm in Utah, was targeted in a phishing email attack that exposed some medical records for approximately 12,000 patients, including patients of cardiology practice in St. George. According to a breach notification sent out by Revere Health on Friday, the employee’s mailbox was exposed for roughly 45 minutes on June 21 and leaked some private details about patients of the Heart of Dixie Cardiology Department in St. George. The phishing attack was rapidly identified by Revere Health IT team, which immediately secured the mailbox to prevent unauthorized access. After a two-month investigation, Revere Health believes the aim of the attacker was not to secure access to patient data but to use the email account to launch more sophisticated phishing email attacks on other Revere employees. The company found the patients’ data wasn’t being shared online and deemed the breach to be a “low-level risk” to affected patients. “From our detailed investigation of this incident, we believe that the intent of this attack was to harvest login credentials from individuals in our organization and not to gather patient information Our security logs suggest that the attacker had three objectives: (1) to spread phishing emails, (2) to gather active usernames and passwords and (3) to attempt financial fraud against Revere Health," stated the healthcare company. The exposed data included medical record numbers, dates of birth, provider names, procedures, and insurance provider names. According to Bob Freeze, the director of marketing and communications for Revere Health, no financial information such as credit card information was exposed by this breach of date. The company has informed the impacted patients about the situation and advised them to r ..
Support the originator by clicking the read the rest link below.
