Medical Review Institute of America Notifies Patients of Data Breach

SALT LAKE CITY--()--Medical Review Institute of America (“MRIoA”), an organization providing clinical peer reviews, on behalf of some of its health plan, health care provider and other customers, is notifying certain individuals whose information was affected by a recent data security incident.

On November 9, 2021, MRIoA discovered that it was the victim of a sophisticated cyber-attack. Once MRIoA found out, MRIoA quickly took steps to secure and safely restore its systems and operations. Further, MRIoA immediately engaged third-party forensic and incident response experts to conduct a thorough investigation of the incident's nature and scope and assist in the remediation efforts. MRIoA also contacted the FBI to inform them of the incident and seek guidance. On November 12, 2021, MRIoA discovered that the incident involved the unauthorized acquisition of information.

On November 16, 2021, MRIoA retrieved and subsequently confirmed the deletion of the obtained information to the best of its ability and knowledge. MRIoA’s investigation into the cause of the incident is ongoing. However, once MRIoA retrieved the information, MRIoA began determining the individuals impacted in the incident. Further, MRIoA discovered that protected health information was included in the incident based on a comprehensive review.

The types of protected health information potentially involved (only if this information was provided to MRIoA) include contact and demographic information (i.e., first and last name, gender, home address, phone number, email address, date of birth), social security number; clinical information (i.e., medical history/diagnosis/treatment, dates of service, lab test results, prescription information, provider name, medical account number, or anything similar in your medical file and/or record); and financial information (i.e., health insurance policy and group plan number, group plan provider, claim information).

However, to the best of its knowledge and as of the date of this release, MRIoA has no evidence indicating the occurrence of identity theft resulting from this incident.

“The security and privacy of the information contained within our systems is a top priority for us, and we were shocked and dismayed to learn that we were one of the thousands of victims of this type of cyberattack,” said Ron Sullivan, CEO of MRIoA. “We are fully committed to protecting the information on our systems and sincerely regret the inconvenience and worry caused by this incident. We thank the community, our employees, and partners for their support during this event.”

In response to this incident, MRIoA implemented and/or is continuing to implement additional cybersecurity safeguards to MRIoA’s existing infrastructure to better minimize the likelihood of this type of event occurring again, including:

  • Constant monitoring of our systems with advanced threat hunting and detection software;
  • Adding additional multifactor authentication protections when attempting to access the systems;
  • New servers built from the ground up to ensure all threat remnants were removed;
  • Working with external third-party cybersecurity experts to assist us in our security efforts;
  • Deploying a hardened and new backup environment;
  • Enhancing our employee cybersecurity training; and
  • Reviewing, revising, and amending our existing cybersecurity policies as necessary.

MRIoA recommends that individuals remain vigilant by closely reviewing their account statements and credit reports as a precautionary measure. If individuals detect any suspicious activity on an account, MRIoA strongly advises that they promptly notify the financial institution or company that maintains the account. Further, individuals should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, including their state attorney general and the Federal Trade Commission (FTC). To file a complaint or to contact the FTC, you can (1) send a letter to the Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue NW, Washington, DC 20580; (2) go to; or (3) call 1-877-ID-THEFT (877-438-4338). Complaints filed with the FTC will be added to the FTC's Identity Theft Data Clearinghouse, a database made available to law enforcement agencies.

Further, MRIoA is offering complimentary credit monitoring and identity protection services to individuals impacted or involved in the incident. Individuals interested in signing up for the complimentary credit monitoring must do so within 90 days of receiving their notification letter from MRIoA. If you believe you were impacted by this incident and wish to take advantage of these services, please contact the dedicated toll-free helpline (as stated below), and for more information about tips to protect from identity theft, please visit

To assist you with questions regarding this incident, representatives are available for 90 days from the date of this letter, please call the toll-free helpline 1-855-618-3157 between the hours of 8:00 am to 5:30 pm Central time, Monday through Friday (excluding holidays).


Ron Sullivan, Chief Executive Officer
Medical Review Institute of America

Release Summary

Medical Review Institute of America (“MRIoA”) is notifying individuals whose information was affected by a recent data security incident.


Ron Sullivan, Chief Executive Officer
Medical Review Institute of America