Revere Medical: Data Breaches Confirmed by Revere Health & Health Management Systems of America

Revere Health and Health Management Systems of America Confirm Data Breaches Impacting Thousands

Two major healthcare organizations—Revere Health in Utah and Health Management Systems of America (HMSA) in Michigan—have recently disclosed cyberattacks exposing patient data.

Revere Health Breach (Utah)

On August 11, 2025, Revere Health, the largest independent multispecialty physician group in Utah and southeastern Nevada, detected unauthorized access to a third-party payment platform used for patient and payer transactions. While no evidence of data theft or misuse was found, the breach exposed sensitive information for up to 10,800 patients, including:

• Names, dates of birth, and addresses
• Medical account/record numbers
• Billing and insurance details
• Partial Social Security numbers
• Financial account information (for some individuals)

Revere Health secured the system with its payment provider and implemented enhanced security measures to prevent future incidents. As a precaution, affected individuals were offered complimentary credit monitoring and identity theft protection.

HMSA Breach (Michigan)

Detroit-based Health Management Systems of America (HMSA), a behavioral healthcare provider, identified a breach on December 9, 2024, after an employee’s email account was compromised via a spear-phishing attack. The intruder accessed and downloaded emails from the account.

A digital forensics firm was engaged to investigate, but the scope of exposed data and the number of affected individuals remain unclear, as the review is ongoing. HMSA will notify impacted individuals once the investigation concludes.

Both incidents highlight the growing threat of cyberattacks in healthcare, particularly through third-party vulnerabilities and phishing schemes.

Source: https://www.hipaajournal.com/data-breaches-revere-health-health-management-systems-of-america/

Revere Medical cybersecurity rating report: https://www.rankiteo.com/company/revere-medical

"id": "REV1765800404",
"linkid": "revere-medical",
"type": "Breach",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '10800',
                        'industry': 'Healthcare',
                        'location': 'Utah, USA',
                        'name': 'Revere Health',
                        'size': 'Largest independent multispecialty physician '
                                'group in Utah and southeastern Nevada',
                        'type': 'Healthcare Provider'},
                       {'industry': 'Healthcare',
                        'location': 'Detroit, Michigan, USA',
                        'name': 'Health Management Systems of America (HMSA)',
                        'type': 'Behavioral Healthcare Provider'}],
 'attack_vector': ['Third-party payment platform compromise',
                   'Spear phishing email'],
 'customer_advisories': ['Complementary credit monitoring and identity theft '
                         'protection services offered'],
 'data_breach': {'number_of_records_exposed': '10800',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Names',
                                              'Dates of birth',
                                              'Addresses',
                                              'Medical account or record '
                                              'numbers',
                                              'Billing or insurance '
                                              'information',
                                              'Partial Social Security numbers',
                                              'Financial account information']},
 'date_detected': '2024-12-09',
 'date_publicly_disclosed': '2025-08-11',
 'description': 'Revere Health in Utah and Health Management Systems of '
                'America in Michigan have recently confirmed cyberattacks in '
                'which patient data was exposed.',
 'impact': {'data_compromised': 'Patient data exposed',
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High',
            'systems_affected': ['Third-party payment platform',
                                 'Employee email account']},
 'investigation_status': 'Ongoing',
 'post_incident_analysis': {'corrective_actions': ['Secured the system',
                                                   'Enhanced data security '
                                                   'safeguards'],
                            'root_causes': ['Third-party payment platform '
                                            'compromise',
                                            'Spear phishing email']},
 'recommendations': ['Enhanced data security safeguards',
                     'Complementary credit monitoring and identity theft '
                     'protection services'],
 'references': [{'source': 'HIPAA Journal'}],
 'regulatory_compliance': {'regulations_violated': ['HIPAA']},
 'response': {'communication_strategy': ['Substitute breach notice on website',
                                         'Notification letters to be mailed'],
              'containment_measures': ['Secured the system'],
              'remediation_measures': ['Enhanced data security safeguards'],
              'third_party_assistance': ['Digital forensics firm']},
 'title': 'Data Breaches Confirmed by Revere Health & Health Management '
          'Systems of America',
 'type': ['Data Breach']}