Clinical Review Vendor Reports Data Breach

Clinical Review Vendor Reports Data Breach

A cyber-attack on the Medical Review Institute of America (MRIoA) may have exposed the personal data of 134,571 individuals.

MRIoA, which is based in Salt Lake City, Utah, said it was "the victim of a sophisticated cyber incident" discovered on November 9, 2021, that resulted in a threat actor’s gaining unauthorized access to its network and exfiltrating data.

MRIoA, which provides clinical reviews and virtual medical opinions, said attackers broke into its computer system by exploiting an alleged vulnerability in a product made by SonicWall. 

Information affected by the incident may have included first and last name, gender, home address, phone number, email address, date of birth and Social Security number; clinical information, such as medical history/diagnosis/treatment, dates of service, lab test results, prescription information, provider name, and medical account number; and financial information, including health insurance policy and group plan number, group plan provider, and claim information.

In a breach report filed with the Maine attorney general, MRIoA stated that it had "retrieved and subsequently confirmed the deletion" of the information exfiltrated in the attack.

A list of 31 MRIoA clients whose were affected by the cyber-attack was included in the breach report. 

Featured on the list

Read More: