Cyber Attacks Reported by Rise Interactive Media & Analytics, Reventics, DotHouse Health, and CommonSpirit Health

Digital marketing agency, Rise Interactive Media & Analytics, LLC, based in Illinois recently reported that attackers acquired access to its digital platform on November 14, 2022, and possibly viewed or extracted the information of a number of its customers. Rise Interactive has submitted the breach report to the Department of Health and Human Services indicating that 54,509 individuals were affected. The exact number of its healthcare clients that were affected by the incident is still unknown.

RGH Enterprises, Inc., also known as Edgepark Medical Supplies, is one client impacted by the Rise Interactive attack. Edgepark stated in the notification letter sent to the California Attorney General that it was advised regarding the data security breach on December 5, 2022. Although the breach investigation was still in progress, Edgepark Medical Supplies was notified that the attackers potentially accessed files that included names, telephone numbers, email addresses, provider data, diagnoses, expected delivery dates, and medical insurance details. Only Rise Interactive’s systems were affected by the breach. According to Edgepark Medical Supplies, Rise Interactive is assessing its security procedures and will adjust internal settings and practices to enhance the privacy and protection of client data.

DotHouse Health Incorporated

Dorchester, MA-based DotHouse Health Incorporated, which is a Joint Commission-accredited health center, has reported that unauthorized persons acquired access to selected parts of its system from October 31, 2022 to November 27, 2022. It detected suspicious activity inside its system in November 2022. A third-party computer forensics company helped to investigate the incident. On or about January 12, 2023, the investigation revealed that areas of its network had been viewed including files that have patient data like full names, addresses, birth dates, diagnoses/conditions, prescription drugs, other treatment data, medical record numbers, and claims details.

The analysis of the impacted files is in progress. The affected individuals will be notified as soon as that process is finalized. DotHouse Health stated that although data theft was not confirmed, it is probable that patient data was viewed and exfiltrated. DotHouse Health advised the impacted persons to keep track of their accounts statements, Explanation of Benefits statements, and credit reports for unauthorized transactions, and to report them immediately. The breach report submitted to the HHS’ Office for Civil Rights indicated that up to 10,000 persons were affected.

Reventics

Clinical documentation improvement and revenue cycle management firm, Revenetics based in Greenwood Village, CO, recently stated that hackers acquired access to its computer system and viewed and stole patient information. Revenetics detected the cyber attack on or about December 15, 2022, after identifying suspicious activity on a few of its servers. Based on the investigation of a third-party cybersecurity and digital forensics firm, it was confirmed on December 27, 2022 the exfiltration of files from its systems. The files included HIPAA-protected information, such as names, dates of birth, financial data, healthcare provider information, health plan names, clinical information, and service/procedure codes and a short explanation of those codes, and Social Security numbers.

Reventics stated it has applied extra safety measures to stop more cyberattacks and security breaches, which include new encryption adjustments. A new, extensive security risk analysis has likewise been carried out. Extra training is also made available to the employees. Impacted persons are currently being informed and offered free identity theft protection and credit monitoring services.

The breach is not yet posted on the breach portal of HHS. Hence, the number of individuals affected is currently uncertain.

CommonSpirit Health Loses $150 Million Because of Ransomware Attack

The health system CommonSpirit Health lost over $150 million thus far because of the October 2022 ransomware attack based on its latest quarterly report. Costs still continue to increase while the investigation into the ransomware attack and information breach continues. CommonSpirit Health is likewise facing lawsuits because of the ransomware attack. Several class action lawsuits were filed that seek damages for the persons who had their PHI compromised in the breach, which could impact the company’s financial situation.

Healthcare data breaches are the most expensive data breaches to handle. The IBM Security Annual Cost of a Data Breach Report for 2022 indicates that the cost of healthcare data breaches is $10.1 million on average, and throughout all sectors, the average cost is $164 per record.

CommonSpirit Health’s ransomware attack exposed a substantial amount of patient data, affecting 623,700 people, yet it could be much worse. There are over 20 million patients being served by Dignity Health, CommonSpirit Health, and Catholic Health Initiatives. The expenses of the CommonSpirit Health ransomware attack and data breach is greater than IBM Security’s, which is due to the continuing disruption brought on by the attack. CommonSpirit Health sustained one month of outage because of the attack, and that prolonged interruption to operations is the reason for the spiraling costs. The average costs of data breaches don’t take into account extended interruption to organization operations, which is the most expensive part of a cyberattack. Big health systems can suffer losses of $1 million to $2 million every day because of interruptions to business operations.

The Catholic health system sustained operating deficits of $1.3 billion for the fiscal year closing June 30, 2022. It had $1.85 billion in net deficits, with $474 million of operating deficits for Q4 of 2022, which is nearly six times the operating deficits for the matching quarter in 2021 ($81 million). The health system states its cash reserves decreased to $741 million from the past fiscal year to $1.85 billion on December 31, 2022, allowing it 160 days of cash left to pay for its operations.

Although the health system is running at a deficit, CommonSpirit Health had a volume increase in the last quarter of 2022, even though the quarterly report mentioned operating income dropped from $8.88 billion (2021) to $8.30 billion (2022). The health system states it is still impacted by the pandemic, employment shortages, and inflation, along with needing to pay for the ransomware attack and data breach costs.

CommonSpirit stated it is undertaking several steps to strengthen its financial sustainability, which includes concentrating on lowering costs, working more effectively, and scaling programs throughout the business to make a better experience for consumers and patients. The health system has additionally enforced initiatives to help encourage employees and clinician health care and increase employee retention.

 

About Christine Garcia 1295 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA