Medical Review Institute of America Notifies Patients of Data Breach

Medical Review Institute of America (“MRIoA”), an organization providing clinical peer reviews, on behalf of some of its health plan, health care provider and other customers, is notifying certain individuals whose information was affected by a recent data security incident.

On November 9, 2021, MRIoA discovered that it was the victim of a sophisticated cyber-attack. Once MRIoA found out, MRIoA quickly took steps to secure and safely restore its systems and operations. Further, MRIoA immediately engaged third-party forensic and incident response experts to conduct a thorough investigation of the incident’s nature and scope and assist in the remediation efforts. MRIoA also contacted the FBI to inform them of the incident and seek guidance. On November 12, 2021, MRIoA discovered that the incident involved the unauthorized acquisition of information.

On November 16, 2021, MRIoA retrieved and subsequently confirmed the deletion of the obtained information to the best of its ability and knowledge. MRIoA’s investigation into the cause of the incident is ongoing. However, once MRIoA retrieved the information, MRIoA began determining the individuals impacted in the incident. Further, MRIoA discovered that protected health information was included in the incident based on a comprehensive review.

The types of protected health information potentially involved (only if this information was provided to MRIoA) include contact and demographic information (i.e., first and last name, gender, home address, phone number, email address, date of birth), social security number; clinical information (i.e., medical history/diagnosis/treatment, dates of service, lab test results, prescription information, provider name, medical account number, or anything similar in your medical file and/or record); and financial information (i.e., health insurance policy and group plan number, group plan provider, claim information).

Read More from Source: