Patients of Heart of Dixie Cardiology
If you are visiting this page, you have received a notification regarding the security breach that occurred on June 21, 2021 involving patients of our Heart of Dixie Cardiology Department in St. George, Utah.
To help answer any additional concerns you may have, we have developed a series of Frequently Asked Questions that will most likely answer any further questions you have.
Q: How did this security breach occur?
A: An individual outside of our organization sent an email to an employee, who then clicked on the link included in the email, which compromised the employee’s email account. The individual was then able to use the employee’s stolen login credentials to remotely log into an email account where patient information exists.
From our detailed investigation of this incident, we believe that the intent of this attack was to harvest login credentials from individuals in our organization and not to gather patient information. Our security logs suggest that the attacker had three objectives: (1) to spread phishing emails, (2) to gather active usernames and passwords and (3) to attempt financial fraud against Revere Health. We have no reason to believe that they accessed, or were interested in, patient information. However, we cannot completely rule this out.
Q: How long was my information put at risk?
A: Revere Health’s IT Security Team actively monitors for unauthorized activity and was able to quickly detect the issue and cut off unauthorized access to the email account within 45 minutes.
Q: What personal information did this involve?
A: The information was limited to patient names, dates of birth, medical records numbers, provider names, procedures, and information about your appointments. Since this data is relatively limited, we believe that this poses a low-level risk to your personal information.
Q: Was my credit card information on file at Revere Health put at risk?
A: No credit card or payment information would have been included in the data that was compromised.
Q: Why was my information found in a Revere Health email account?
A: Revere Health doctors and staff routinely use secure email servers alongside electronic medical records and other information systems to coordinate patient care. While our workforce strives to minimize the amount of sensitive information stored on email servers, some use of patient information in email is necessary for successful clinic operations. In this case, the majority of information found in the compromised email account was necessary for the coordination of billing services.
Q: What is Revere Health doing to secure my information?
A: Revere Health takes data privacy seriously and endeavors to protect patient information with prudent security practices. Access to information systems is restricted to authorized personnel and all members of the workforce are required to use strong passwords and complete security awareness training regularly. Revere Health tests workforce awareness with frequent simulated phishing emails and actively monitors information systems for unauthorized activity.
In response to this incident, we have updated security awareness training, enhanced suspicious activity detection protocols and accelerated our rollout of industry-leading two-factor authentication software. These actions are part of a continuous effort to identify and respond to evolving security threats.
Q: What should I do?
A: We feel that this poses a low risk to your personal information given the limited data that was compromised. However, we encourage you to monitor your personal data and look for any suspicious activity.