Clinical Review Vendor Reports Data Breach

A cyber-attack on the Medical Review Institute of America (MRIoA) may have exposed the personal data of 134,571 individuals.

MRIoA, based in Salt Lake City, Utah, said it was “the victim of a sophisticated cyber incident” discovered on November 9 2021, that resulted in a threat actor’s gaining unauthorized access to its network and exfiltrating data.

MRIoA, which provides clinical reviews and virtual medical opinions, said attackers broke into its computer system by exploiting an alleged vulnerability in a product made by SonicWall. 

Information affected by the incident may have included first and last name, gender, home address, phone number, email address, date of birth and Social Security number. Additionally, information affected may have included clinical information, such as medical history/diagnosis/treatment, dates of service, lab test results, prescription information, provider name and medical account number. Also, financial information, including health insurance policy and group plan number, group plan provider and claim information, may have been affected.

In a breach report filed with the Maine attorney general, MRIoA stated it had “retrieved and subsequently confirmed the deletion” of the information exfiltrated in the attack.

A list of 31 MRIoA clients who were affected by the cyber-attack was included in the breach report. 

Featured on the list are Horizon Blue Cross Blue Shield of New Jersey, five different branches of Blue Cross and Blue Shield and the University of Arkansas Medical Benefit Plan.

MRIoA said it is taking steps to beef up its cybersecurity posture. Improvements include constant monitoring of its systems with advanced threat hunting and detection software and extra authentication protections to protect system access.

In the wake of the attack, MRIoA said it had new servers “built from the ground up to ensure all threat remnants were removed.”

In a comment issued on Wednesday to ISMG, SonicWall stated: “It is SonicWall’s understanding that the product issue referred to is related to a known vulnerability that was reported and patched by SonicWall.”

The firewall maker confirmed that an intruder had accessed MRIoA’s environment through a SonicWall vulnerability on November 2 2021.

“That has since been resolved and MRIoA’s environment has been secured,” stated a SonicWall spokesperson.