Memphis, Tenn.-based Regional One Health is notifying patients that some of their confidential information may have been compromised in a data breach that affected its revenue cycle management vendor Reventics.
On Dec. 15, Reventics learned that an unauthorized party accessed its servers and launched an investigation into the incident.
The investigation determined that on Dec. 27, the unauthorized party had transferred files from its system, including files that contained patient information from Regional One, according to a Feb. 14 breach notification from Regional One.
The files contained patient information such as names, patient addresses, dates of birth, Social Security numbers, medical record numbers, patient account numbers, financial information, driver's license, and more.
Reventics said it is mailing letters to potentially affected individuals, including Regional One Health.
The RCM vendor did not mention how many people were affected by the breach, but said it has contained the incident, as well as implemented new technical safeguards in order to prevent another incident.