Reva, a medical transportation service, began alerting 1,000 patients Jan. 22 that their information may have been exposed in a phishing attack.
In September 2019, Reva discovered suspicious activity on an employee's email account. The company determined that an unauthorized third party had access to a limited number of employee email accounts between July 23 and Sept. 13, 2019.
Patient data that may have been exposed included names, clinical information, dates of service, travel insurance information, passport numbers and a limited number of Social Security numbers.
Reva took steps to immediately secure the email accounts that were compromised. The company recommends patients review any statements from healthcare providers and travel insurers.
"We take the privacy and confidentiality of our patients' information very seriously, and deeply regret any inconvenience or concern this incident may cause our patients. To help prevent something like this from happening again, we are enhancing our email security, have enabled multi-factor authentication on all email accounts, and we are reinforcing education with our employees on how to identify and avoid phishing emails," said Reva in a news release.