Rivermend Health is notifying 1,300 patients who had information in an employee’s email account that was compromised. Rivermend detected suspicious activity from the account on August 10. Subsequent investigation determined that the account had been accessed beginning on or about July 27, and the access continued until August 11.
Rivermend found no evidence that patient information was specifically targeted, and does not explain the nature of the emails being sent from the employee’s account. Was the employee’s email account sending out patient information or were patients being notified because their information was in the employee’s account?
Here is the full text of the notice on their web site:
Atlanta, Georgia (October 10, 2017) – RiverMend Health, LLC (“RiverMend”) is providing notice to certain current and former patients of a recent event involving unauthorized access to a RiverMend employee email account. RiverMend has found no evidence that any patient information was information was misused or specifically targeted.
On August 10, 2017, RiverMend identified suspicious emails being sent from an employee’s account. RiverMend launched an investigation and determined that an unauthorized individual had gained access to the employee’s email account beginning on or about July 27, 2017, and continuing until August 11, 2017. RiverMend has been diligently working to determine the full nature and scope of this event, and have retained the services of a leading forensic investigation firm to assist with these efforts. This information includes the following types of patient information: name, address, age or date of birth, RiverMend facility, referral source, services rendered, and diagnostic, demographic, insurance, and/or billing information.
Again, RiverMend has found no evidence that any patient information was misused or specifically targeted. However impacted individuals are encouraged to review their accounts, explanations of benefits, and credit reports for suspicious activity, and to report any suspicious activity to RiverMend immediately.
RiverMend is also providing notice of this event to relevant federal and state regulators.
RiverMend takes the security of information very seriously, and is taking steps to help ensure that a similar situation does not occur again.
Individuals with questions can contact 855-248-3643 (toll-free), Monday through Friday, 8:00 a.m. to 8:00 p.m. ET.