Rise Interactive Media & Analytics, LLC
The Illinois-based digital marketing agency, Rise Interactive Media & Analytics, LLC, has recently confirmed that hackers gained access to its digital environment on November 14, 2022, and potentially accessed or exfiltrated the data of some of its clients. Rise Interactive has reported the breach to the Department of Health and Human Services as affecting 54,509 individuals, but it is currently unknown how many of its healthcare clients have been affected.
RGH Enterprises, Inc., doing business as Edgepark Medical Supplies, is one of the affected Rise Interactive clients. Edgepark explained in a notification letter to the California Attorney General that it was informed about the data security incident by Rise Interactive on December 5, 2022. While the investigation into the breach is ongoing, Edgepark Medical Supplies was informed that the files potentially accessed included names, email addresses, phone numbers, provider information, diagnoses, expected delivery dates, and health insurance information. The breach was confined to Rise Interactive’s systems. Edgepark Medical Supplies said Rise Interactive is evaluating its security measures and will modify internal controls and practices to improve the privacy and security of client information.
DotHouse Health Incorporated
DotHouse Health Incorporated, a Joint Commission-accredited health center in Dorchester, MA, has announced that unauthorized individuals gained access to certain parts of its network between October 31, 2022, and November 27, 2022. Suspicious activity was detected within its network in November 2022, and a third-party computer forensics firm was engaged to investigate the breach. On or around January 12, 2023, the investigation confirmed that the parts of the network that were accessed included files containing patient information such as full names, addresses, dates of birth, medical record numbers, diagnoses/conditions, medications, other treatment information, and claims information.
The review of the affected files is ongoing and notification letters will be sent to affected individuals when that process is completed. DotHouse Health said that while data theft has not been confirmed, it is likely that patient information was accessed and downloaded. Affected individuals have been advised to monitor their accounts statements, credit reports, and Explanation of Benefits statements for unauthorized activity and to report any suspicious activity immediately. The breach has been reported to the HHS’ Office for Civil Rights as affecting up to 10,000 individuals.
Reventics
Revenetics, a Greenwood Village, CO-based clinical documentation improvement and revenue cycle management company, has recently confirmed that hackers gained access to its computer environment and accessed and stole patient data. The cyber intrusion was detected by Revenetics on or around December 15, 2022, when suspicious activity was identified on some of its servers. A third-party cybersecurity and digital forensics company was engaged to investigate the breach, and determined on December 27, 2022, that the files exfiltrated from its systems contained HIPAA-protected data, including names, birth dates, Social Security numbers, financial information, healthcare provider details, health plan names, clinical data, and service/procedure codes and a brief description of those codes.
Reventics said it has implemented additional safeguards to prevent further cyberattacks and data breaches, including new encryption controls. A new, comprehensive security risk analysis has also been performed and further training has been provided to the workforce. Affected individuals are now being notified and have been offered complimentary credit monitoring and identity theft protection services.
The breach has yet to appear on the HHS’ Breach portal, so it is currently unclear how many individuals have been affected.
The post Rise Interactive Media & Analytics, DotHouse Health, and Reventics Hacked appeared first on HIPAA Journal.