Cyber Incident Victim: Reventics

On December 15, 2022, Reventics, a Greenwood Village-based healthcare software company acquired by Omega Healthcare, detected a potential breach of its data security systems. The company discovered that an unauthorized cyber intruder had accessed certain files within its computer network. Reventics immediately engaged a cybersecurity and forensic consulting firm to investigate the scope and impact of the incident. The investigation confirmed on December 27, 2022, that the attacker successfully removed files containing confidential consumer information from the network. This confirmation came twelve days after initial detection, establishing that the breach involved data exfiltration rather than mere network access. Reventics subsequently conducted a comprehensive review of the compromised files to identify affected individuals and specific data types exposed.

The stolen information included consumers' names, Social Security numbers, dates of birth, financial details, and protected health information, with variations in impacted data elements per individual. On February 10, 2023, Reventics formally notified the Montana Attorney General’s office of the breach and initiated mailing data breach notification letters to all affected consumers. The company publicly disclosed the incident through a "Notice of Data Security Incident" on its website but did not specify the number of impacted individuals or operational disruptions. As a revenue cycle management provider handling clinical documentation and financial data for healthcare clients, the breach exposed highly sensitive consumer information requiring mandatory notifications. Reventics, which employs 72 staff and generates $20 million annually, undertook these response measures following its acquisition by India-based Omega Healthcare, though the investigation did not attribute the attack to any specific threat actor or methodology.