Jan 19, 2022 | Data Breach
Medical Review Institute of America (“MRIoA”) – 157,885 Individuals Affected By Data Breach
The number of individuals affected by the data breach of MRIoA has grown from 134,571 to 157,885.
On November 9, 2021, MRIoA discovered that it was the victim of a sophisticated cyber-attack. On November 12, 2021, MRIoA discovered that the cyber incident involved the unauthorized acquisition of information. Protected health information, per MRIoA, was included in the incident, but, presently, MRIoA does not have evidence indicating misuse of the information.
The types of protected health information potentially involved (only if the information was provided to MRIoA by an organization named in the data breach notification letters sent to individuals) include demographic information (i.e., first and last name, gender, home address, phone number, email address, date of birth, and social security number); clinical information (i.e., medical history/diagnosis/treatment, dates of service, lab test results, prescription information, provider name, medical account number, or anything similar in your medical file and/or record); and financial information (i.e., health insurance policy and group plan number, group plan provider, claim information).
The following are some of MRIoA’s customers on whose behalf MRIoA submitted notification of the data breach:
• Aetna ACE
• Albertsons Companies
• AllWays Health Partners
• Ambetter from Home State Health
• Ambetter From Superior Health Plan
• Ambetter of North Carolina
• Blue Cross Blue Shield of Illinois
• Blue Cross and Blue Shield of Minnesota
• Blue Cross Blue Shield of New Jersey
• Blue Cross & Blue Shield of Rhode Island
• Blue Cross Blue Shield of Texas
• Cambia Health Solutions
• Capital Blue Cross
• Cary Medical Center
• Florida Blue
• General Dynamics
• Genex Services, LLC
• Government Employees Health Association, Inc.
• Harvard Pilgrim Health Care, Inc
• Health New England
• Horizon
• Horizon Blue Cross Blue Shield of New Jersey
• IAC
• Kyocera AVX Corporation
• Magellan Rx Medicare Basic PDP
• Maine General Health
• Molnlycke
• National Elevator Industry Health Benefit Plan
• North America Administrators
• OptumRx
• Service-Bene Plan-BCBSA
• State of Maine Department of Administrative and Financial Services, Office of Employee Health and Wellness
• Sullivan Tire
• Sun Life Financial U.S. Services
• The Associates’ Health and Welfare Plan
• Trustmark Health Benefits
• Twin Rivers Paper Company
• University of Arkansas Medical Benefit Plan
• Unum
• Walmart
• WellCare
Source: Office Of The Maine Attorney General, Data Breach Notifications.
Class Action Lawsuits Filed Against MRIoA
On February 9, 2022, a class action lawsuit was filed in United States District Court, District of Utah, on behalf of all persons in the United States whose personal and medical information was compromised, as a result of the Medical Review Institute of America data breach that occurred in November 2021.
On February 16, 2022, another class action lawsuit was filed in federal court in Utah against MRIoA for MRIoA’s alleged “failure to secure and safeguard” the information of many individuals compromised in the data breach consisting of the “personally identifying information and personal health information (‘PII/PHI’), including names, genders, home addresses, phone numbers, email addresses, dates of birth, Social Security numbers, medical history/diagnosis/treatment, dates of service, lab test results, prescription information, provider names, medical account numbers, health insurance policies, group plan numbers, group plan providers, and insurance claim information.”
Have You Been Harmed As A Result Of A Data Breach Which Has Exposed Your Private Personal, Protected Health Or Personally Identifiable Information?
If you have experienced actual or attempted harm or been the victim of fraud, due to the illegal or unauthorized exposure of your private personal, protected health or personally identifiable information, please contact Kehoe Law Firm, P.C., [email protected], for a free, confidential consultation and no-obligation evaluation of potential legal claims.
Jan 17, 2022 | Data Breach
TriValley Primary Care – 122,806 affected by a data breach
On October 11, 2021, TriValley Primary Care discovered a ransomware incident that impacted its networks and servers. TriValley Primary Care determined that the unauthorized individual accessed its systems and may have obtained some information. The information potentially involved (only if the information was provided to TriValley) includes demographic information (i.e., first and last name, gender, home address, phone number, email address, date of birth, and social security number); clinical information (i.e., medical history/diagnosis/treatment, dates of service, lab test results, prescription information, provider name, medical account number, or anything similar in your medical file and/or record); and financial information (i.e., health insurance policy and group plan number, group plan provider, claim information).
Jefferson Surgical Clinic – 174,769 affected by a data breach
On June 5, 2021, Jefferson Surgical Clinic detected that it was the target of a cybersecurity attack by an unauthorized third party that attempted to infiltrate Jefferson Surgical Clinic’s computer network. The company’s investigation determined that information, such as your name, date of birth, social security number, and health/treatment information, was potentially accessed by an unauthorized and unknown party.
Source: Office of The Maine Attorney General, Data Breach Notifications.
Have You Been Harmed By A Data Breach?
Data breach victims harmed as the result of the illegal or unauthorized use of their personal information are encouraged to complete the form above on the right or e-mail [email protected] for a free, no-obligation evaluation of potential legal claims.
Jan 17, 2022 | Data Breach
Jim Koons Automotive Company – 114,153 affected by a data breach.
Jim Koons Automotive Company discovered unusual activity on certain computer systems beginning on June 5, 2021. The company’s review of the potentially impacted information was completed on or around December 21, 2021. The company confirmed that the information which could have been subject to unauthorized access varied by individual, but may have included name, address, Social Security number, driver’s license number, and financial account information.
Source: Office of The Maine Attorney General, Data Breach Notifications.
Jan 16, 2022 | Data Breach
Ravkoo – 105,000 individuals affected by a data breach.
Ravkoo, “a digital SaaS platform for prescription fulfillment providing prescription delivery to patients’ doorsteps,” reported that it recently discovered that a data breach may have unintentionally exposed personal information.
On September 27, 2021, Ravkoo detected that its prescription portal was the target of a cybersecurity attack. On October 27, 2021, Ravkoo’s forensic investigation disclosed that certain prescription and health information could have been compromised.
Ravkoo, however, reported that it has not found evidence that Social Security Numbers were accessed or compromised as Ravkoo does not maintain this information within the impacted portal. Although Ravkoo has not found evidence that one’s information was specifically accessed for misuse, it is possible, according to Ravkoo, that full name, mail address, phone number, and prescription/limited medical information could have been exposed. Ravkoo reported that, presently, it does not have any evidence to indicate that personal information has been, or will be, misused due to the data breach incident.
Source: Office of The Maine Attorney General, Data Breach Notifications.
Jan 14, 2022 | Data Breach
CTH learned it was the subject of a cybersecurity incident occurring from August 11 to September 10, 2021. On September 10, 2021, the unauthorized individuals deployed malware causing the encryption of a number of network drives and backups. The data elements involved may have included a name, address, or Social Security Number.
Entira, along with thousands of other healthcare entities, retained Netgain for online hosting of its environment, including cloud services and e-mail. Netgain was recently the target of a cybersecurity incident. Entira has determined that information, including name, address, social security number and medical history, was accessed by an unknown party that is not authorized to handle or view such information.
On August 14, 2021, Memorial Health System identified the presence of malware on certain servers in its environment. MHS determined that in connection with the malware event, an unauthorized actor accessed certain systems within its network on or about July 10 through August 15, 2021. On or about September 17, 2021, MHS determined the unauthorized actor may have accessed or acquired information from systems potentially containing patient information. The information that could have been subject to unauthorized access includes name, address, Social Security number, medical/treatment information, and health insurance information.
Source: Office of The Maine Attorney General, Data Breach Notifications.
Jan 12, 2022 | Data Breach
Discovery Of Florida-Based TransCredit’s Dataset With Trucking, Transport Company & Individual Driver Information Apparently Tied To Credit Accounts, Loans, Repayment And Debt Collection
WebsitePlanet.com has reported that “[s]ecurity researcher Jeremiah Fowler together with the Website Planet research team discovered a non-password protected database that contained 822,789 records.”
According to WebsitePlanet.com, “The dataset had detailed information on trucking, transport companies, and individual drivers. The data appeared to be connected to credit accounts, loans, repayment, and debt collections. This included banking information and tax ID numbers. Many of the Tax IDs were consistent with what appeared to be SSN (Social Security Numbers) and stored in plain text.”
WebsitePlanet.com reported that “there were multiple references including internal emails and usernames of a Florida based company called TransCredit”; the investigative team “sent a responsible disclosure notice to TransCredit and public access was restricted shortly after”; and “[t]he records appeared to contain the data of trucking and transportation companies based in the United States and Canada.”
The following information, according to WebsitePlanet.com, was discovered:
- Total Records: 822,789
- Internal records that include customers’ first and last names, emails, bank information, Tax ID numbers that appear to be SSN and EIN (Employer Identification Number).
- These individuals could be at risk of a targeted social engineering attack using insider information.
- Detailed notes on collections, payment histories, new applicants, status and progress. References to “TransCredit” and “Transcore”
- Internal Passwords and login IDs / Usernames, account numbers. We can only assume that these could be used to access the user portal. (We do not circumvent password protections or attempt to validate user credentials for ethical reasons).
- Indices named:
- The files also show where data is stored and a blueprint of how the network operates from the back end. The database was at risk of a ransomware attack that would encrypt the data.
Additionally, WebsitePlanet.com reported that “[t]his database contained enough information to create a range of highly targeted fraud or scams. Criminals armed with insider knowledge could potentially gain trust very easily and companies or individuals would be less suspicious when presented with verifying a Tax ID or other data.” [All emphasis added.]
Have You Been Impacted by A Data Breach?
If so, please complete the form above on the right or e-mail [email protected] for a free, no-obligation evaluation of potential legal claims.