REVA, Inc. (“REVA”) is committed to protecting the confidentiality and security of our patients’ information. Regrettably, this notice is to inform our patients of a recent incident that may have involved some of that information.
On September 12, 2019, we learned of suspicious activity related to an employee’s email account. We immediately took steps to secure the account and worked with a leading cyber security firm to assist in our investigation. The investigation determined that an unauthorized person gained access to a limited number of employee email accounts between July 23, 2019 and September 13, 2019. We immediately secured all involved accounts. We expect that some patient information is contained in the accounts, including patient names, dates of service, Social Security numbers, passport and travel insurance numbers, and clinical information. We are in the process of reviewing the emails in the accounts to identify those patients whose information may have been accessible to the unauthorized person. We will update this notice as we obtain more information about the contents of the email accounts.
We are continuing to investigate this incident and anticipate notifying patients in the coming weeks. Although we have no indication that any patient information has been misused, out of an abundance of caution, we have established a dedicated call center for patients to call with questions. If you have questions about this incident, please call 1-877-460-0844, Monday through Friday, 9:00 a.m. to 6:30 p.m. Eastern Time. We recommend that patients review the statements they receive from their healthcare provider or travel insurer. If they see services they did not receive, please contact the provider or insurer immediately.
We take the privacy and confidentiality of our patients’ information very seriously, and deeply regret any inconvenience or concern this incident may cause our patients. To help prevent something like this from happening again, we are enhancing our email security, have enabled multi-factor authentication on all email accounts, and we are reinforcing education with our employees on how to identify and avoid phishing emails.