The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Reventics Facing Class Action Lawsuit Over Royal Ransomware Attack and Data Breach

Posted By on Mar 13, 2023

Revenetics is facing a class action lawsuit over its December 2022 cyberattack and data breach that affected more than 250,000 individuals. Revenetics is a revenue cycle management company that provides its software solutions to many healthcare providers. On December 15, 2023, Revenetics detected a system intrusion and confirmed on December 27, 2022, that the attackers exfiltrated files that included names, dates of birth, clinical information, financial information, procedure and service codes, and healthcare provider and health plan names.

The Royal ransomware group claimed responsibility for the attack and issued a ransom demand to prevent the publication of the 16GB of data allegedly stolen in the attack. The Royal ransomware group is known to target healthcare organizations and typically exfiltrates data and then issues ransom demands of between $250,000 and $2 million to prevent the publication of the stolen data. When ransoms are not paid, the group published the stolen data on its data leak site. In February 2023, Royal started to publish Revenetics data on its data leak site.

The law firm Cole & Van recently filed a lawsuit in the U.S. District Court for the District of Colorado on behalf of plaintiff Paula Henderson and similarly affected individuals, alleging Revenetics was negligent for failing to implement adequate and reasonable measures to safeguard the personal and protected health information of patients. As a result of that negligence, the lawsuit claims the plaintiff and class members have suffered injury and harm such as anxiety, emotional distress, loss of privacy, and economic and non-economic losses and that their PHI is now in the hands of criminals, which means they face an imminent and elevated risk of identity theft, fraud, and abuse.

In addition to negligence, the lawsuit alleges a breach of implied contract and a breach of the implied covenant of good faith and fair dealing. The lawsuit seeks class action status, a jury trial, an award of actual, nominal, and consequential damages, equitable relief, and injunctive relief, including a court order requiring Revenetics to encrypt sensitive data, comply with applicable regulations and industry standards for data security, implement and maintain a comprehensive information security program, segment data, conduct regular database and security checks, provide regular security awareness training to employees, submit to third-party security audits, and conduct penetration tests on a regular basis.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist