The Personal Identifiable Information (PII) of approximately 12,000 cardiology patients has been exposed in a cyber-attack on a healthcare provider based in Utah.
Patient data in the care of Revere Health was compromised when the organization fell victim to a phishing attack on June 21, 2021.
An attacker impersonating the US Agency for International Development (USAID) sent an email to a Revere Health employee that contained a malicious link. When the employee clicked the link, they inadvertently gave the threat actor access to their login credentials.
The attacker used the stolen credentials to log in to an employee email account that contained information belonging to patients of Revere Health’s Heart of Dixie Cardiology Department in St. George, Utah. No credit card or payment information was among the data accessed by the attacker.
In a patient notification statement, Revere Health said that the compromised data was limited to patient names, dates of birth, medical record numbers, provider names, procedures, and information about appointments.
"Since this data is relatively limited, we believe that this poses a low-level risk to your personal information," said the organization.
It continued: "We have no reason to believe that they [the attacker] accessed, or were interested in, patient information. However, we cannot completely rule this out."
Revere Health said that active monitoring by its IT security team detected the unauthorized activity quickly. Within 45 minutes of the attack's commencing, the team was able to sever unauthorized access to the compromised email account.
An investigation into the incident led Revere Health to conclude that stealing patient data was not the assailant's main intention.
"From our detailed investigation of this incident, we believe that the intent of this attack was to harvest login credentials from individuals in our organization and not to gather patient information," stated the healthcare provider.
"Our security logs suggest that the attacker had three objectives: (1) to spread phishing emails, (2) to gather active usernames and passwords and (3) to attempt financial fraud against Revere Health."
Following the incident, Revere Health has updated its security awareness training, enhanced suspicious activity detection protocols, and accelerated its rollout of two-factor authentication software.