November 11th, 2019 |

Notice to our Patients About an Email Phishing Incident

REVA, Inc. (“REVA”) is committed to protecting the confidentiality and security of our patients’ information. Regrettably, this notice is to inform our patients of a recent incident that may have involved some of that information.

On September 12, 2019, we learned of suspicious activity related to an employee’s email account. We immediately took steps to secure the account and worked with a leading cyber security firm to assist in our investigation. The investigation determined that an unauthorized person gained access to a limited number of employee email accounts between July 23, 2019 and September 13, 2019. We immediately secured all involved accounts. As part of our investigation, we undertook a comprehensive review of the emails and attachments that may have been viewed by the unauthorized person, and found that this information included some patient names, limited clinical information, dates of service, travel insurance information, passport numbers, and in a few instances, Social Security numbers.

We began mailing letters to affected patients on January 22, 2019, and we have established a dedicated call center for patients to call with questions. If you believe you are affected by this incident and do not receive a letter by February 23, 2020, please call 1-877-460-0844, Monday through Friday, 9:00 a.m. to 6:30 p.m., Eastern Time, excluding major U.S. holidays. If calling from outside of the United States, please call +44 (0)208 0590875, from 9:00 to 5:00 pm, Greenwich Mean Time, Monday through Friday, excluding U.K. bank holidays.

We recommend that patients review the statements they receive from their healthcare provider or travel insurer. If they see services they did not receive, please contact the provider or insurer immediately. For those patients whose Social Security numbers or driver’s license numbers were included in the email accounts, we are offering a complimentary membership of credit monitoring and identity protection services.

We take the privacy and confidentiality of our patients’ information very seriously, and deeply regret any inconvenience or concern this incident may cause our patients. To help prevent something like this from happening again, we are enhancing our email security, have enabled multi-factor authentication on all email accounts, and we are reinforcing education with our employees on how to identify and avoid phishing emails.