Provo, Utah-based Revere Health began notifying about 12,000 patients that their medical records had been exposed in a recent email phishing attack, St. George Spectrum & Daily News reported Aug. 23.
The email account of one of the physician group's employees was breached for about 45 minutes June 21, which exposed some medical records of patients of the Heart of Dixie cardiology department in St. George, Utah, a Revere Health spokesperson said in a news release shared with the publication.
After a two-month investigation, Revere Health concluded that about 12,000 patients were affected. It said medical record numbers, birth dates, provider names, procedures and insurance provider names were exposed — but not shared online.
To prevent more attacks, Revere Health said it will now send test phishing emails to employees. If they click on the test emails, they will have to undergo awareness training from the group's IT department, the physicians group said.