Medical Review Institute of America (“MRIoA”) – 157,885 Individuals Affected By Data Breach

The number of individuals affected by the data breach of MRIoA has grown from 134,571 to 157,885. 

On November 9, 2021, MRIoA discovered that it was the victim of a sophisticated cyber-attack. On November 12, 2021, MRIoA discovered that the cyber incident involved the unauthorized acquisition of information. Protected health information, per MRIoA, was included in the incident, but, presently, MRIoA doe not have evidence indicating misuse of the information.

The types of protected health information potentially involved (only if the information was provided to MRIoA by an organization named in the data breach notification letters sent to individuals) demographic information (i.e., first and last name, gender, home address, phone number, email address, date of birth, and social security number); clinical information (i.e., medical history/diagnosis/ treatment, dates of service, lab test results, prescription information, provider name, medical account number, or anything similar in your medical file and/or record); and financial information (i.e., health insurance policy and group plan number, group plan provider, claim information).

The following are some of MRIoA’s customers on whose behalf MRIoA submitted notification of the data breach:

Aetna ACE Albertsons Companies AllWays Health Partners Ambetter from Home State Health Ambetter From Superior Health Plan Ambetter of North Carolina Blue Cross Blue Shield of Illinois Blue Cross and Blue Shield of Minnesota Blue Cross Blue Shield of New Jersey Blue Cross & Blue Shield of Rhode Island Blue Cross Blue Shield of Texas Cambia Health Solutions Capital Blue Cross Cary Medical Center Florida Blue General Dynamics Genex Services, LLC Government Employees Health Association, Inc. Harvard Pilgrim Health Care, Inc Health New England Horizon Horizon Blue Cross Blue Shield of New Jersey IAC Kyocera AVX Corporation Magellan Rx Medicare Basic PDP Maine General Health Molnlycke National Elevator Industry Health Benefit Plan North America Administrators OptumRx Service-Bene Plan-BCBSAState of Maine Department of Administrative and Financial Services, Office of Employee Health and Wellness Sullivan Tire Sun Life Financial U.S. Services The Associates’ Health and Welfare Plan Trustmark Health Benefits Twin Rivers Paper Company University of Arkansas Medical Benefit Plan Unum Walmart WellCare

Source: Office Of The Maine Attorney General, Data Breach Notifications.

Class Action Lawsuits Filed Against MRIoA

On February 9, 2022, a class action lawsuit was filed in United States District Court, District of Utah, on behalf of all persons in the United States whose personal and medical information was compromised, as a result of the Medical Review Institute of America data breach that occurred in November 2021.

On February 16, 2022, another class action lawsuit was filed in federal court in Utah against MRIoA for MRIoA’s alleged “failure to secure and safeguard” the information of many individuals compromised in the data breach consisting of the “personally identifying information and personal health information (‘PII/PHI’), including names, genders, home addresses, phone numbers, email addresses, dates of birth, Social Security numbers, medical history/diagnosis/treatment, dates of service, lab test results, prescription information, provider names, medical account numbers, health insurance policies, group plan numbers, group plan providers, and insurance claim information.”

Have You Been Harmed As A Result Of A Data Breach Which Has Exposed Your Private Personal, Protected Health Or Personally Identifiable Information?

If you have experienced actual or attempted harm or been the victim of fraud, due to the illegal or unauthorized exposure of your private personal, protected health or personally identifiable information, please contact Kehoe Law Firm, P.C., [email protected], for a free, confidential consultation and no-obligation evaluation of potential legal claims. 

Kehoe Law Firm, P.C.