The Medical Review Institute of America (MRIoA) has suffered from a cyberattack that may have exposed the personal data of over 134,000 individuals. The institute is based in Salt Lake City, Utah. The cyber incident was reportedly discovered on November 9, 2021 after unauthorized access was detected. According to MRIoA, the threat actor had gained access to the institutes network and exfiltrated data. MRIoA stated that the attackers broke into its computer system by exploiting a vulnerability in a product produced by SonicWall.
Information that may have been exposed in the incident includes first and last names, genders, home addresses, phone numbers, Social Security numbers, email addresses, and dates of birth. In addition, certain patients’ lab tests, dates of service, medical history, prescription information, provider names, and medical account numbers may have been exposed. MRIoA filed a breach report that confirmed the information stolen was retrieved and deleted. The filing includes a list of 31 clients who were impacted by the cyberattack, such as Horizon Blue Cross Blue Shield of New Jersey and the University of Arkansas Medical Benefit Plan. MRIoA stated that it is taking steps to increase its cybersecurity posture, such as constant system monitoring, advanced threat hunting, and additional detection software.
Read More: Clinical Review Vendor Reports Data Breach