"Clinical Review Vendor Reports Data Breach"

A cyberattack on the Medical Review Institute of America (MRIoA) may have exposed the personal data of 134,571 individuals.  MRIoA provides clinical reviews and virtual medical opinions.  MRIoA is based in Salt Lake City, Utah.  MRIoA stated that it was “the victim of a sophisticated cyber incident” discovered on November 9, 2021, that resulted in an adversary gaining unauthorized access to its network and exfiltrating data.  MRIoA stated that the attackers broke into its computer system by exploiting an alleged vulnerability in a product made by SonicWall.  The firewall maker confirmed that an intruder had accessed MRIoA’s environment through a SonicWall vulnerability on November 2, 2021.   Information affected by the incident may have included first and last name, gender, home address, phone number, email address, date of birth, and social security number.  Additionally, information affected may have included clinical information, such as medical history/diagnosis/treatment, dates of service, lab test results, prescription information, provider name, and medical account number.  Other information that may have been breached includes financial information, including health insurance policy and group plan number, group plan provider, and claim information.  In the wake of the attack, MRIoA said it had new servers “built from the ground up to ensure all threat remnants were removed.”

Infosecurity reports: "Clinical Review Vendor Reports Data Breach"