On November 9, 2021, the Medical Review Institute of America (“MRIoA”) discovered that it was the victim of a sophisticated cyber incident that resulted in unauthorized access to its network. 

MRIoA has sent Notice of Data Breach letters on behalf of MRIoA customers which provided MRIoA information to facilitate a clinical peer review of a requested or received health care service.

Protected health information was, according to MRIoA, included in the incident. To date, however, MRIoA does not have “evidence indicating misuse of any of your information.”

According to MRIoA, “[t]he types of protected health information potentially involved (only if this information was provided to MRIoA by the organization named [in the data breach notification letter]) . . . demographic information (i.e., first and last name, gender, home address, phone number, email address, date of birth, and social security number); clinical information (i.e., medical history/diagnosis/ treatment, dates of service, lab test results, prescription information, provider name, medical account number, or anything similar in your medical file and/or record); and financial information (i.e., health insurance policy and group plan number, group plan provider, claim information). [Emphasis added.]

The following are some of MRIoA’s customers on whose behalf MRIoA submitted notification of the data breach:

Albertsons Companies • AllWays Health Partners • Ambetter from Home State Health • Ambetter From Superior Health Plan • Ambetter of North Carolina • Blue Cross & Blue Shield of Rhode Island • Blue Cross and Blue Shield of Minnesota • Blue Cross Blue Shield of Illinois • Blue Cross Blue Shield of New Jersey • Blue Cross Blue Shield of Texas • Cambia Health Solutions • Capital Blue Cross • Cary Medical Center • Florida Blue • General Dynamics • Genex Services, LLC • Government Employees Health Association, Inc. • Health New England • Horizon • Horizon Blue Cross Blue Shield of New Jersey • Magellan Rx Medicare Basic PDP • Maine General Health• National Elevator Industry Health Benefit Plan • North America Administrators • OptumRx • State of Maine Department of Administrative and Financial Services, Office of Employee Health and Wellness • Sullivan Tire • The Associates’ Health and Welfare Plan • Twin Rivers Paper Company • University of Arkansas Medical Benefit Plan • WellCare

Please click Notice of Data Breach for more details about the MRIoA data breach. 

Source: Office of The Maine Attorney General. 

Have You Been Impacted by A Data Breach?

If so, please complete the form on the right or contact Kehoe Law Firm, P.C., [email protected]for a free, no-obligation evaluation of potential legal claims.

Kehoe Law Firm, P.C.