Riverview Health Experiences E-mail Account Data Breach

The incident was detected on August 23.

By HFT Staff


Riverview Health (Riverview) is providing notice of a recent data security incident that may have affected certain individuals’ protected health information. The incident resulted from a social engineering attack that led to the compromise of a staff member’s email account by an unauthorized individual.

On August 23rd, 2024, Riverview discovered that access to one of its staff member’s e-mail accounts had been compromised by an unauthorized individual, leading such individual to have access to the compromised e-mail account as well as certain electronic files. Upon access to the staff member’s account, Riverview’s security mechanisms promptly identified the threat, and access was terminated in less than one hour from the start of the intrusion.

After further investigation, Riverview confirmed on September 3rd, 2024, that the accessible files contained certain protected health information, which may have included medical record numbers, admission dates, diagnosis and medical information, names, dates of birth, and sex. No social security numbers, financial information or bank account numbers were exposed. Although the access was terminated shortly after it was obtained, Riverview is notifying the patients whose information may have been exposed.

Riverview believes that due to the limited information contained in the exposed files, the risk of compromise or harm to patients is low. However, Riverview is taking this matter very seriously and is identifying internal and external processes to prevent future recurrences. This includes reviewing policies around phishing and social engineering attacks, as well as evaluating methods and procedures around electronic access and controls.



October 29, 2024


Topic Area: Information Technology , Security


Recent Posts

Healthcare Security: To Arm Or Not To Arm?

Deciding whether or not to hire armed security personnel requires that managers understand a range of critical considerations.


False Alarm at Kansas Hospital Highlights Importance of Alarm System Reliability

After a two-hour search of the hospital and nearby medical facilities, no threat was found.


Integrated Oncology Network Caught Up in Data Breach

The network first learned of the incident on April 11, 2025.


ISSA Introduces Healthcare Platform to Advance Safer, Cleaner Patient Environments

This new resource integrates training, research and cross-sector collaboration to raise care standards and improve patient outcomes.


Third-Party Tracking Settlement is a Compliance Wake-Up Call for Healthcare Facilities Managers

Mount Sinai Health System agrees to a $5.3 million settlement to resolve claims it improperly shared patient data with Facebook through tracking tools.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.