Data Breach Investigation of Leaked Medical Review Institute of America Patient Information

Migliaccio & Rathod LLP is currently investigating the Salt Lake City, Utah-based healthcare clinical review organization the Medical Review Institute of America for failing to safeguard sensitive patient information in a data breach that occurred in November of 2021. The data breach was caused by a sophisticated ransomware attack in which hackers exploited a SonicWall security product vulnerability, exfiltrating the data of more than 134,000 patients. Examples of the types of data exposed in the leak include names, dates of birth, addresses, social security numbers, medical records, lab results, diagnoses, medications, health insurance information, and dates of services.

Although the Medical Review Institute of America claims that the copies of the information obtained by the hackers were returned and destroyed, cybercriminals commonly use information obtained from data breaches to commit a wide variety of identity theft. In previous ransomware attacks on medical records companies, for example, patient information has been used for a number of fraudulent purposes, including requests for credit services, banking, and medical procedures in a patient’s name without permission. Patients in previous data breaches have had to pay out of pocket for credit monitoring or newly discovered fraudulent charges. Some Medical Review Institute of America patients may have notices suspicious credit activity, disrupted medical services, or appointments fraudulently created, canceled, or billed in their name.

Are you or have you been a Medical Review Institute of America patient who has received a data breach notification letter in the past year?

If so, we would like to hear from you. Please complete the questionnaire below, send us an email at [email protected], or give us a call at (202) 470-3520.

The lawyers at Migliaccio & Rathod LLP have years of experience in class action litigation against large corporations, including in cases involving data breaches. More information about our current cases and investigations is available on our blog.