1,300 PHI Potentially Exposed in RiverMend Health Email Breach

RiverMend Health is a specialty behavioral health services provider that helps people who have problems with alcohol and drug addiction. The RiverMend Health branch located in Augusta, GA discovered unauthorized access to the email account of one of its employees last August 10, 2017. The hacked email account was being used to send suspicious emails.  Upon discovery of the unauthorized access, the account was blocked the following day.  It turned out that the hacker had access to the account for the last two weeks beginning July 27, 2017.

For two weeks, the attacker had access to the email account which contained 1,300 protected health information of current and former patients. To determine the full nature of the breach and its extent, RiverMend Health employed the services of a top computer forensics company to investigate the matter. It is not known how the email account was hacked. RiverMend Health chose not to disclose the details of the breach, but the company made sure that they implemented the necessary steps to stop similar incidents from happening in the future.

There is no clear intention for the unauthorized access of the email account except the sending of suspicious emails. There is no evidence that the reason of attack is to access, steal or misuse the PHI contained in the email account. But the latter intention cannot be ruled out with high degree of certainty.

RiverMend Health has already sent mail notifications to patients regarding the breach. They were advised that there is a possibility of unauthorized access to their personal information that include their names, age, date of birth, address, RiverMend facility branch, referral source, demographic information, insurance information, billings information, services rendered and diagnostic information.

In relation to the health data breach, patients are advised to exercise caution and take time to check their accounts, credit reports and other important statements for possible signs of suspicious activity. Any suspicious activity must be reported right away to RiverMend Health for follow-up investigation.

About Christine Garcia 1297 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA