Notice of Data Security Incident

Reventics, a third-party billing company for Emergency Medical Specialists, P.C. (“EMSPC”), recently informed us about a cybersecurity incident impacting some patient data held by Reventics on its computer servers. Reventics is a clinical documentation improvement and revenue cycle management company providing services to various healthcare providers including EMSPC. Reventics has reported the following information to EMSPC about the incident. 

   On or about December 15, 2022, Reventics detected a cyber-intruder who potentially accessed information on certain Reventics’s servers. Reventics takes the security of personal information very seriously. Upon learning of the incident, Reventics immediately engaged an international cybersecurity and forensic consulting firm to assess the nature and scope of the cyber-attack and contain any further threats to its systems and the information on the systems. On December 27, 2022, the cybersecurity and forensic consulting firm confirmed to Reventics that the cyber-intruder accessed and exfiltrated certain personally identifiable information (“PII”) and Protected Health Information (“PHI”) protected under HIPAA and state privacy laws which was saved on Reventics’s systems. This information included patient names, addresses, dates of birth, and for some may include social security number, medical record number, patient account number, financial information, driver’s license and other government issued ID, healthcare provider’s name and address, health plan name and health plan ID, clinical data including diagnosis information, dates of services, treatment costs, prescription medications, the numeric codes used to identify services and procedures patients received from healthcare providers, and a brief description of these codes.

 In the aftermath of the incident and on an ongoing basis, Reventics’s internal teams continue to work diligently with their third-party cybersecurity consultants to further fortify Reventics’s systems. Reventics was able to quickly contain the cyber-intruder and continue operations uninterrupted. In response to this event, Reventics assures us that it has implemented new technical safeguards including, without limitation, adopting new encryption controls, and is performing a new/updated security risk analysis, providing impacted individuals with free credit and identity monitoring, revising its policies and procedures, and retraining workforce members. Reventics also assures us it is committed to safeguarding customer data and will continue to work to enhance the protections in place to secure the information in its care.

Reventics is mailing letters to potentially affected individuals on behalf of its impacted customers, including EMSPC. Individuals seeking additional information regarding this incident can call the Reventics toll-free assistance line at (833) 753-4765 Monday through Friday, during the hours of 7 am – 7 pm Mountain Time. Additional steps individuals can take to help protect themselves can be found on the Federal Trade Commission or state Attorney General websites. Individuals may obtain information from the Federal Trade Commission and the consumer credit reporting agencies about fraud alerts and security freezes at the toll-free numbers, websites, or mailing addresses as follows:

Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580, www.ftc.gov/bcp/edu/microsites/idtheft/, 1-877-IDTHEFT (438-4338)

Equifax, PO Box 740241, Atlanta, GA 30374, www.equifax.com, 1-800-685-1111

Experian, PO Box 2104, Allen, TX 75013, www.experian.com, 1-888-397-3742

TransUnion, PO Box 2000, Chester, PA 19016, www.transunion.com, 1-800-888-4213