It has been revealed that RiverMend Health LLC has suffered a data breach after an employee’s email account was compromised. “Suspicious activity” was detected on the compromised account on August 10, and an investigation discovered that there was sustained unauthorized access to the account from about July 27 until August 11. It is not clear what the suspicious activity was.
A statement from RiverMend said that it has “found no evidence that any patient information was misused or specifically targeted.”
RiverMend has been diligently working to determine the full nature and scope of this event, and has retained the services of a leading forensic investigation firm to assist with these efforts. The information involved includes the following types of patient information: name, address, age or date of birth, RiverMend facility, referral source, services rendered, and diagnostic, demographic, insurance, and/or billing information.
It has not been confirmed how the perpetrator gained access to the account, although it is likely that the employee fell victim to a phishing scam. Those potentially affected by the incident have been informed, as have the relevant authorities. Advice given to potential victims is to review accounts and credit reports in case of any suspicious activity.
RiverMend is taking the incident seriously. It is “taking steps to help ensure that a similar situation does not occur again,” but it is not clear at this stage what those steps are.
The most important line of defense against a phishing attack is the person who receives the email. If your staff are able to identify and correctly respond to a malicious email, the danger can be mitigated. With phishing attacks on the increase, particularly in the healthcare sector, this example highlights the importance of training staff.
Educate your staff
No matter how effective your spam filter is, a spoofed email could bypass it, making your staff the last line of defense against fraud. It is therefore vital that they are aware of the risks of phishing emails. E-learning courses are an efficient, cost-effective method of training with minimal disruption.
Our Phishing Staff Awareness Course gives your staff an introduction to understanding and spotting phishing scams, and helps reduce the chance that an employee will hand over confidential information or inadvertently infect your organization’s systems. The course helps employees identify phishing attacks, explains what would happen should they fall victim, and shows them how they can mitigate the threat of an attack.