Cyber Incident Victim: RiverMend Health
Date: Jul 2017
Location: United States of America
Summary
An employee's email account at RiverMend Health was compromised, enabling unauthorized access from on or around July 27 to August 11, 2017. The breach exposed information of approximately 1,300 patients, including names, addresses, dates of birth, insurance details, billing information, and treatment-related data. The organization detected suspicious email activity and initiated an investigation, which found no evidence that patient information was specifically targeted or misused. Notifications were issued to affected individuals and relevant regulators, while the entity implemented enhanced security measures to prevent recurrence.
Description
On August 10, 2017, RiverMend Health detected suspicious emails originating from an employee’s email account, prompting an immediate internal investigation. The investigation revealed that an unauthorized individual had gained access to the employee’s email account starting on or around July 27, 2017, with the unauthorized activity persisting until August 11, 2017. RiverMend engaged a leading forensic investigation firm to assist in determining the full scope of the incident. The compromised email account contained sensitive patient information, including names, addresses, dates of birth or ages, RiverMend facility details, referral sources, services rendered, and diagnostic, demographic, insurance, and billing information. Approximately 1,300 current and former patients were affected by this breach. RiverMend stated it found no evidence that patient information was specifically targeted or misused during the unauthorized access period.

RiverMend began notifying affected individuals on October 10, 2017, advising them to review their accounts, explanations of benefits, and credit reports for suspicious activity. The organization also reported the incident to relevant federal and state regulators as part of its compliance obligations. In its public notice, RiverMend emphasized its commitment to information security and stated it was implementing measures to prevent similar incidents in the future. A dedicated toll-free number (855-248-3643) was established for affected individuals to seek additional information during specified business hours. The investigation concluded without identifying the nature of the suspicious emails sent from the compromised account or confirming whether patient data was exfiltrated beyond the unauthorized access itself.
