25% off all training courses Offer ends May 8, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 8, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Data Breaches Confirmed by Revere Health & Health Management Systems of America

Posted By on Dec 15, 2025

Revere Health in Utah and Health Management Systems of America in Michigan have recently confirmed that they have experienced cyberattacks in which patient data was exposed.

Revere Health, Utah

Revere Health, the largest independent multispecialty physician group in Utah and southeastern Nevada, has recently announced a data breach that has affected up to 10,800 patients. On August 11, 2025, an unauthorized third party gained access to a third-party payment platform that was used to process certain patient and payer payments. No evidence was found to indicate any theft of or misuse of the affected data, but unauthorized viewing of the exposed information could not be ruled out

Data in the compromised system included names, dates of birth, addresses, medical account or record numbers, billing or insurance information, partial Social Security numbers, and, for certain individuals, financial account information. Revere Health said it worked with the payment system provider to secure the system and has enhanced data security safeguards to reduce the risk of similar incidents in the future. Out of an abundance of caution, the affected individuals have been offered complementary credit monitoring and identity theft protection services.

Health Management Systems of America

The Detroit, MI-based behavioral healthcare provider Health Management Systems of America (HMSA) has recently disclosed a data breach that was first identified a year ago on December 9, 2024. An unauthorized third party gained access to an employee’s email account following a response to a spear phishing email and downloaded certain emails from the account.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

HMSA said it retained a digital forensics firm to investigate the breach and has been working to identify the data involved and the individuals affected. The substitute breach notice on the HMSA website does not list the types of data involved, as it says the data review is ongoing. Notification letters will be mailed to the affected individuals when that process is completed. At present, it is unclear how many individuals have been affected.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist