Regional One Health is committed to protecting our patients’ privacy. We take patient privacy very seriously, and it is important to us that our patients are made aware of any potential privacy issue.
Reventics is a revenue cycle management company and a business associate of Regional One Health.
On or about December 15, 2022, Reventics detected a cyber-intruder who accessed information on Reventics’ servers. Upon learning of the incident, Reventics immediately engaged an international cybersecurity and forensic consulting firm to assess the nature and scope of the cyber-attack and contain any further threats to its systems and the information on the systems. On December 27, 2022, the cybersecurity and forensic consulting firm confirmed that the cyber-intruder accessed and exfiltrated certain personally identifiable information (“PII”) and Protected Health Information (“PHI”) protected under HIPAA and state privacy laws. This information included first, middle, and last name, patient address, date of birth, social security number, medical record number, patient account number, financial information, driver’s license and other government issued ID, healthcare provider’s name and address, health plan name and health plan ID, clinical data including diagnosis information, dates of services, treatment costs, prescription medications, the numeric codes used to identify services and procedures patients received from healthcare providers, and a brief description of these codes.
In the aftermath of the incident and on an ongoing basis, Reventics internal teams continue to work diligently with their third-party cybersecurity consultants to further fortify Reventics’ systems. Reventics was able to quickly contain the cyber-intruder and continue operations uninterrupted. In response to this event, Reventics implemented new technical safeguards, including, without limitation, adopting new encryption controls, performing a new/updated security risk analysis, providing individuals with free credit and identity monitoring, revising its policies and procedures, and retraining workforce members.
Reventics is mailing letters to potentially affected individuals on behalf of certain customers, including Regional One Health. Individuals seeking additional information regarding this incident can call the Reventics toll-free assistance line at (833) 753-4765 Monday through Friday, 9:00 a.m. – 9 p.m. Eastern Time. Additional information on this incident can also be found on the Reventics website at www.reventics.com. Additional steps individuals can take to help protect themselves can be found on the Federal Trade Commission or state Attorney General websites. Reventics is committed to safeguarding customer data and will continue to work to enhance the protections in place to secure the information in its care.