DataBreaches.net

The Medical Review Institute of America notifies patients of ransomware incident (updated)

Posted on December 23, 2021 (updated January 10, 2022) by Dissent

The Medical Review Institute of America (“MRIoA”) collects protected health information (PHI) as part of providing clinical peer review for covered entities that request it (if the patient consents to provide info for the review).

MRIoA was hit with ransomware in November. And although they do not directly state that they paid ransom, it sounds like they did because their notification states that to the best of their ability and knowledge, they “retrieved and subsequently confirmed the deletion” of their information.

Do they really have any genuine belief that the data were deleted, when every expert has been saying for the past few years that criminals do not delete data, even though they swear they will delete and their word is good?

I wish entities would be a bit more realistic and tell people, “Look, we paid these b*stards a ton of money to get your data deleted, but the reality is that they probably didn’t delete it despite swearing they would, so take steps to protect yourself, and here’s how we will try to help you:…..”

You can read the full notification/press release on the Vermont Attorney General’s website at https://ago.vermont.gov/blog/2021/12/17/the-golub-corporation-data-breach-notice-to-consumers/

The incident has not (yet) appeared on HHS’s public breach tool.

On MRIoA’s site, however, under Privacy and Security, it says:

MRIoA takes the privacy and security of your information very seriously. MRIoA’s privacy and security program incorporates the HITRUST Common Security Framework (CSF) and associated standards/regulations referenced within, including HIPAA, HITECH, and state data and privacy laws. MRIoA maintains strict access controls including privileged access, file integrity monitoring, input validation and comprehensive audit logging, and ensures confidentiality of data by using AES-256 encryption for data at rest and TLS1.2 for data in transit.

So if data at rest were accessed and exfiltrated, had they been encrypted as promised? There is no mention of any of the compromised PHI being encrypted in MRIoA’s notification. It’s possible that attackers could encrypt over already encrypted data, but then, I would think the notification would have been sure to state that the data had been encrypted by MRIoA. DataBreaches.net sent an email inquiry to MRIoA last night asking about that and a few other questions, but no reply has been received as of the time of this publication.

Update: This incident was subsequently reported to the Maine Attorney General’s Office as impacting 134,571 people. MRIoA never responded to this site’s inquiry about whether the data had been encrypted at rest. Interestingly, though, their notification to Maine residents, a copy of which was provided to the Maine Attorney General’s Office, included a statement that the forensic investigation found that the threat actor(s) had gained access to its systems via a SonicWall vulnerability on November 2, 2021. DataBreaches.net does not know which SonicWall vulnerability this was, but wonders whether potential plaintiffs will claim that the firm did not patch promptly.

The notification to Maine residents also included an appendix listing all the MRIoA clients for whom it had provided this notification:

• Albertsons Companies
• AllWays Health Partners
• Ambetter from Home State Health
• Ambetter From Superior Health Plan
• Ambetter of North Carolina
• Blue Cross & Blue Shield of Rhode Island
• Blue Cross and Blue Shield of Minnesota
• Blue Cross Blue Shield of Illinois
• Blue Cross Blue Shield of New Jersey
• Blue Cross Blue Shield of Texas
• Cambia Health Solutions
• Capital Blue Cross
• CARY MEDICAL CENTER
• Florida Blue
• General Dynamics
• Genex Services, LLC
• Government Employees Health Association, Inc.
• Health New England
• Horizon
• Horizon Blue Cross Blue Shield of New Jersey
• Magellan Rx Medicare Basic PDP
• MAINEGENERAL HEALTH
• National Elevator Industry Health Benefit Plan
• NORTH AMERICA ADMINISTRATORS
• OptumRx
• State of Maine Department of Administrative and Financial Services, Office of Employee Health and Wellness
• SULLIVAN TIRE
• The Associates’ Health and Welfare Plan
• Twin Rivers Paper Company
• University of Arkansas Medical Benefit Plan
• WellCare

Update 2: Superior HealthPlan has issued a notification.
