Reventics Class Action: Lyon Firm Appointed Co-Lead Counsel

Joe Lyon has been appointed Co-Lead Counsel in the Reventics Class Action Data Breach Lawsuit, filed by The Lyon Firm on behalf of plaintiffs nationwide.

Plaintiffs have filed Class Action data breach claims against Reventics, on behalf of hundreds of thousands of impacted individuals nationwide. Reventics has noted that 250,000 people may have had their personal data compromised, though newer reports suggest that number may actually be far higher.

The plaintiffs allege that Reventics failed to properly secure and safeguard personally identifiable information (PII) and protected health information (PHI), which may have included the following:

• Name
• Address
• Date of birth
• Medical record number
• Patient account number
• Driver’s license and other government ID
• Health plan name and health plan ID
• Clinical data including diagnosis
• Dates of services
• Prescription medications

The complaint notes that by obtaining, collecting, using, and deriving a benefit from the Private Information of Plaintiff and Class Members, Reventics assumed legal duties to those individuals to protect and safeguard that information from unauthorized access and intrusion.

The PII of individuals remains of high value to various cyber criminals, as evidenced by the prices. Personal information can be sold at a price ranging from $40 to $200, and bank details have a price range of $50 to $200.

What Happened?

Reventics, a new-age, physician-focused clinical documentation improvement and revenue cycle management company, run out of Greenwood Village, Colorado, detected certain irregularities in its IT system on or about December 15, 2022.

In February 2023, Reventics issued a Notice of Data Security Incident to over 250,000 Plaintiff and Class Members.

The plaintiffs filed the complaint, alleging losses in the form of the loss of the benefit of their bargain, out-of-pocket expenses, the value of their time reasonably incurred to remedy or mitigate the effects of the cyber attack, and the substantial and imminent risk of identity theft.

Are Data Breach Incidents Preventable?

To prevent and detect unauthorized cyber-attacks, Reventics could have implemented, as recommended by the United States Government, the following measures:

• Implement an awareness and training program. Because end users are targets, employees and individuals should be aware of the threat of ransomware and how it is delivered.
• Enable strong spam filters to prevent phishing emails from reaching the end users and authenticate inbound email using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent email spoofing.
• Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
• Configure firewalls to block access to known malicious IP addresses.
• Patch operating systems, software, and firmware on devices Consider using a centralized patch management system.
• Set anti-virus and anti-malware programs to conduct regular scans automatically.
• Manage the use of privileged accounts based on the principle of least privilege: no users should be assigned administrative access unless absolutely needed; and those with a need for administrator accounts should only use them when necessary.
• Configure access controls—including file, directory, and network share permissions—with least privilege in mind. If a user only needs to read specific files, the user should not have write access to those files, directories, or shares.
• Implement Software Restriction Policies (SRP) or other controls to prevent programs from executing from common ransomware locations, such as temporary folders supporting popular Internet browsers.

Joe Lyon is a highly-rated data breach lawyer and Privacy Attorney representing plaintiffs nationwide in class action security breach lawsuits.