Revere Health under Phishing attack
According to a press release by Revere Health, one of their employees was the target of a phishing email attack leading to the exposure of medical records of around 12,000 patients.
As per Bob Freeze, the director of marketing and communications for Revere Health, the healthcare professional’s email was breached for about 45 minutes in June and so exposed information about Heart of Dixie Cardiology Department’s patients. According to the company’s perspective, the attacker’s intention was not to release the patients’ information but rather to locate a way to deploy more complicated phishing attacks on other employees of the organization.
The company also carried out a detailed investigation for a period of two months and found that none of the patients’ medical information was shared online and deemed the breach to be of low-level risk. Freeze also states that affected patients have been contacted and informed about the situation and recommended them to be vigilant of any signs of their medical information sharing.
According to the press release, the information that has been accessed through the breach include medical record numbers, DOB, provider names, procedures and insurance provider names. According to Freeze’s analysis, no financial information was shared by this breach until now.
Also Read: Memorial Health System under cyberattack
Freeze also claims that Revere Health has taken measures to enhance tech security protocols, and in a practice to save and protect from further breaches, it will send test phishing emails to its employees. In case an employee clicks on the email, this clearly indicates the need for training, and so all such employees will be reverted to the IT department at Revere Health for the same.
Revere Health also advised its employees to cross-check all parts of an email before opening it. This includes double-checking the email address as FTS states that a norm in phishing attack tactics involve the email address to show as a normal name but once clicked, it will be a more complex one that won’t match the name.
The FTC also has listed the common ways that will help you prevent being the victim of a similar phishing attack. These include installing the latest updates of software, installing security software, making use of multi-factor identification and backing up data regularly. Also, it recommends to not open any links from unknown email addresses or phone numbers.