The Personally Identifiable Information (PII) of approximately 12,000 cardiology patients has been exposed in a cyber-attack on a healthcare provider based in Utah.
Patient data in the care of Revere Health was compromised when the organization fell victim to a phishing attack on June 21, 2021.
An attacker impersonating the US Agency for International Development (USAID) sent an email to a Revere Health employee that contained a malicious link. When the employee clicked the link, they inadvertently gave the threat actor access to their login credentials.
The attacker used the stolen credentials to log in to an employee email account that contained information belonging to patients of Revere Health’s Heart of Dixie Cardiology Department in St. George, Utah. No credit card or payment information was among the data accessed by the attacker.
In a patient notification statement, Revere Health said that the compromised information was limited to patient names, dates of birth, medical record numbers, provider names, procedures, and information about appointments.
“Due to the fact this data is somewhat restricted, we consider that this poses a low-level risk to your private info,” said the company.
It continued: “We have no reason to believe that they [the attacker] accessed, or were interested in, patient information. Nonetheless, we are not able to entirely rule this out.”
Revere Health said that active monitoring by its IT security team detected the unauthorized activity immediately. Within 45 minutes of the attack’s start, the team was able to sever unauthorized access to the compromised email account.
An investigation into the incident led Revere Health to conclude that stealing patient information was not the attacker’s main goal.
“From our in-depth investigation of this incident, we believe that the intent of this attack was to harvest login credentials from individuals in our organization and not to gather patient details,” said the healthcare provider.
“Our security logs suggest that the attacker had three goals: (1) to spread phishing emails, (2) to obtain active usernames and passwords and (3) to attempt financial fraud against Revere Health.”
Following the incident, Revere Health has updated its security awareness training, improved suspicious activity detection protocols, and accelerated its rollout of two-factor authentication software.