{"id":661,"date":"2023-05-02T12:42:11","date_gmt":"2023-05-02T17:42:11","guid":{"rendered":"https:\/\/kentprotect.com\/?p=661"},"modified":"2023-05-03T03:50:58","modified_gmt":"2023-05-03T08:50:58","slug":"breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach","status":"publish","type":"post","link":"https:\/\/kentprotect.com\/index.php\/2023\/05\/02\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\/","title":{"rendered":"Breach Report: Medical Review Institute of America suspected ransomware &#038; breach"},"content":{"rendered":"<div class='booster-block booster-read-block'><\/div>\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>One-sentence summary: <\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Medical Review Institute of America suspected ransomware and data breach via Sonicwall affects 134,000, results in five class-action lawsuits and a $2.6 million settlement despite data deletion. <\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>Who was involved?<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Medical Review Institute of America (MRIoA), Blue Cross and Blue Shield of Illinois (BSBSIL), potentially 134,571 patients, and a threat actor. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">30 additional clients of MRIoA are listed on MRIoA&#8217;s Maine OAG breach notice which may have supplied MRIoA with PHI or PII: <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Albertsons Companies<\/li>\n\n\n\n<li>AllWays Health Partners<\/li>\n\n\n\n<li>Ambetter from Home State Health<\/li>\n\n\n\n<li>Ambetter From Superior Health Plan<\/li>\n\n\n\n<li>Ambetter of North Carolina<\/li>\n\n\n\n<li>Blue Cross &amp; Blue Shield of Rhode Island<\/li>\n\n\n\n<li>Blue Cross and Blue Shield of Minnesota<\/li>\n\n\n\n<li>Blue Cross Blue Shield of Illinois<\/li>\n\n\n\n<li>Blue Cross Blue Shield of New Jersey<\/li>\n\n\n\n<li>Blue Cross Blue Shield of Texas<\/li>\n\n\n\n<li>Cambia Health Solutions<\/li>\n\n\n\n<li>Capital Blue Cross<\/li>\n\n\n\n<li>CARY MEDICAL CENTER<\/li>\n\n\n\n<li>Florida Blue<\/li>\n\n\n\n<li>General Dynamics<\/li>\n\n\n\n<li>Genex Services, LLC<\/li>\n\n\n\n<li>Government Employees Health Association, Inc.<\/li>\n\n\n\n<li>Health New England<\/li>\n\n\n\n<li>Horizon<\/li>\n\n\n\n<li>Horizon Blue Cross Blue Shield of New Jersey<\/li>\n\n\n\n<li>Magellan Rx Medicare Basic PDP<\/li>\n\n\n\n<li>MAINEGENERAL HEALTH<\/li>\n\n\n\n<li>National Elevator Industry Health Benefit Plan<\/li>\n\n\n\n<li>NORTH AMERICA ADMINISTRATORS<\/li>\n\n\n\n<li>OptumRx<\/li>\n\n\n\n<li>State of Maine Department of Administrative and Financial Services, Office of Employee<br>Health and Wellness<\/li>\n\n\n\n<li>SULLIVAN TIRE<\/li>\n\n\n\n<li>The Associates&#8217; Health and Welfare Plan<\/li>\n\n\n\n<li>Twin Rivers Paper Company<\/li>\n\n\n\n<li>University of Arkansas Medical Benefit Plan<\/li>\n\n\n\n<li>WellCare (Pollock, 2022b, p. 10)<\/li>\n<\/ul>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>What was the timeline?<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">June 25, 2021: Medical Review Institute of America achieves HITRUST CSF Certification<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">November 2, 2021: Breach starts at MRIoA via Sonicwall<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">November 9, 2021: Medical Review Institute of America discovers it is undergoing a potential breach\/cyberattack  <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">November 12, 2021: MRIoA discovers data is breached as part of the attack <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">November 16, 2021: Medical Review Institute of America confirms data was deleted<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">January 7, 2022: MRIoA reports the breach to HHS and begins consumer notification<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">February 03, 2022: Class-action lawsuit is filed against Medical Review Institute of America (and Blue Cross and Blue Shield of Illinois (BSBSIL)) in federal court in northern Illinois (<em>Dean v. Medical Review Institute of America, LLC et al<\/em>, 2022)<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">March 16, 2023: MRIoA settles five outstanding class-action lawsuits with a potentially capped $2.6 million settlement (<em>IN RE MEDICAL REVIEW INSTITUTE OF AMERICA, LLC, DATA BREACH LITIGATION<\/em>, 2023, p. 5)<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>What occurred?<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Medical Review Institute of America (MRoiA)&nbsp;was breached in November 2021 via Sonicwall by a potential ransomware group, affecting over 134,571 patients and their sensitive data (HHS, 2022; Alder, 2022; Pollock, 2022b, p. 1). Despite having the data deleted (via suspected ransom payment) (Alder, 2022), the following sensitive data was allegedly breached: &#8220;demographic information (i.e., first and last name, gender, home address, phone number, email address, date of birth, and social security number); clinical information (i.e., medical history\/diagnosis\/treatment, dates of service, lab test results, prescription information, provider name, medical account number, or anything similar in your medical file and\/or record); and financial information (i.e., health insurance policy and group plan number, group plan provider, claim information)&#8221; (Pollock, 2022b, pp. 1-2). The breach resulted in over five class action lawsuits being filed against MRoiA which all settled in March 2023 for a maximum amount of $2.6 million, among $487,500 in attorney fees and other costs (<em>IN RE MEDICAL REVIEW INSTITUTE OF AMERICA, LLC, DATA BREACH LITIGATION<\/em>, 2023, pp. 5-6). <\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>Estimated costs:<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Associated incident response costs, breach notification costs, potential ransom payment (Alder, 2022, para. 4), litigation defense, &#8220;third-party forensic and incident response experts,&#8221; $2.6 million settlement to consumers, $487,500 in attorney fees to plaintiffs (<em>IN RE MEDICAL REVIEW INSTITUTE OF AMERICA, LLC, DATA BREACH LITIGATION<\/em>, 2023, p. 6), M-F call center, 12 months of Kroll identity monitoring<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>Involved laws: <\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Federal: HIPAA and HITECH; Section 5 of the FTC Act, 15 U.S.C. \u00a7 45 (<em>Dean v. Medical Review Institute of America, LLC et al<\/em>, 2022, p. 13) <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">State: Maine: 10 M.R.S.A. \u00a7 1346<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Massachusetts: 201 CMR 17.00 and M.G.L.A. 93H \u00a7 1<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Illinois:  Illinois Consumer Fraud and Deceptive and Deceptive Business Practices Act (\u201cCFA\u201d), 815<br>Ill. Comp. Stat. \u00a7\u00a7 505\/1, et seq. (<em>Dean v. Medical Review Institute of America, LLC et al<\/em>, 2022, p. 4) <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">815 ILCS 505\/2 (<em>Dean v. Medical Review Institute of America, LLC et al<\/em>, 2022, p. 51)<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>Root cause: <\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Known Sonicwall vulnerability with a patch available (Pollock, 2022b, p. 1; McGee, 2022)<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>Lessons learned: <\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">5 months before the breach, the Medical Review Institute of America (MRIoA) achieved HITRUST CSF Certification (Maloney, 2021). This was broadcasted on a press release on MRIoA&#8217;s website, and MRIoA positioned itself as an &#8220;elite group of organizations worldwide&#8221; (Maloney, 2021). Thus, even a HITRUST CSF certification may not be enough for organizations in today&#8217;s cyber landscape. Furthermore, MRIoA&#8217;s patch management is under question (McGee, 2022). Patch management is a critical component of an organization&#8217;s cybersecurity health and resilience. Attackers are actively scanning their public targets on a regular basis and may exploit any vulnerability they find&#8211; especially unpatched. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Example patch management solutions: <\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">ManageEngine Patch Manager Plus: https:\/\/www.manageengine.com\/patch-management\/<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Automox Cloud Patch Management: https:\/\/www.automox.com\/features\/cloud-patch-management<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Additionally, regular vulnerability assessments are integral to a robust patch management program. Organizations should be regularly scanning both their internal and public assets to ensure vulnerabilities are not present. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Example vulnerability assessment tools: <\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Tenable Nessus: https:\/\/www.tenable.com\/products\/nessus<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Greenborne OpenVAS (open source): https:\/\/openvas.org\/<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Web Application: <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Burp Suite Enterprise Edition: https:\/\/portswigger.net\/burp\/enterprise<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Acunetix: https:\/\/www.acunetix.com\/<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">MRIoA has listed many remediation efforts it has undertaken in response to the breach, including: <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>&#8220;Constant monitoring of its systems with advanced threat hunting and detection software;<\/li>\n\n\n\n<li>Adding additional authentication protections when attempting to access the systems;<\/li>\n\n\n\n<li>New servers built from the ground up to ensure all threat remnants were removed;<\/li>\n\n\n\n<li>Working with external third-party cybersecurity experts to assist in their security efforts;<\/li>\n\n\n\n<li>Deploying a hardened and new backup environment;<\/li>\n\n\n\n<li>Enhancing its employee cybersecurity training; and<\/li>\n\n\n\n<li>Reviewing, revising, and amending its existing cybersecurity policies as necessary.&#8221; (Pollock, 2022b, p. 2) <\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><br>Additionally, third-party liability is highlighted as during litigation, it was discovered that Blue Cross and Blue Shield of Illinois (BSBSIL) was sued for contracting with MRIoA and providing PHI and PII (<em>Dean v. Medical Review Institute of America, LLC et al<\/em>, 2022, p. 1). Furthermore, 31 different clients of MRIoA were identified in a list on MRIoA&#8217;s Maine OAG breach report (Pollock, 2022b, p. 10). <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Finally, potentially paying for data deletion may not change outcomes such as mass litigation. At one point, it appeared MRIoA had one of their cases favorably dismissed, likely due to the data deletion, but this still did not change the $2.6 million settlement or other lawsuits (Hawkins, 2022). This also brings to attention a dilemma organizations have when faced with a ransom or double extortion attempt in a ransomware attack: do they pay the ransom or refuse it? Here, I cannot make a recommendation for every organization as the U.S. government discourages ransom payments (Kapko, 2022). However, every interest must be weighed, including the breach victims, society, and the criminal ransomware\/extortion groups. PHI is proving a lucrative extortion vector as it contains the most sensitive and intimate information available about a person. Prevention is the best strategy, but also having a good cyber insurance policy and resilience plan (<a href=\"https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-160\/vol-2-rev-1\/final\">such as what is specified in NIST SP 800-160 Vol. 2 Rev. 1<\/a>) are critical components as well. <br><\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>Sources: <\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Alder, S. (2022, January 18). <em>Patient Data Stolen in Cyberattack on the Medical Review Institute of America<\/em>. HIPAA Journal. Retrieved May 2, 2023, from https:\/\/www.hipaajournal.com\/patient-data-stolen-in-cyberattack-on-the-medical-review-institute-of-america\/<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Dean v. Medical Review Institute of America, LLC et al, Case No. 1:22-cv-00619 (N.D. Ill. 2022). https:\/\/www.classaction.org\/media\/dean-v-medical-review-institute-of-america-llc-et-al.pdf<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Hawkins, S. (2022, June 24). Medical Review Institute of America Dodges Data Breach Claims. <em>Bloomberg Law<\/em>. Retrieved May 2, 2023, from https:\/\/news.bloomberglaw.com\/privacy-and-data-security\/medical-review-institute-of-america-dodges-data-breach-claims<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">HHS. (2022). Cases Currently Under Investigation. In <em>Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information<\/em>. U.S. Department of Health and Human Services Office for Civil Rights. Retrieved May 2, 2023, from https:\/\/ocrportal.hhs.gov\/ocr\/breach\/breach_report.jsf<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">IN RE MEDICAL REVIEW INSTITUTE OF AMERICA, LLC, DATA BREACH LITIGATION, CIVIL NO. 2:22cv0082-DAK-DAO (D.C. Utah 2023). https:\/\/www.mriasettlement.com\/wp-content\/uploads\/2023\/04\/SETTLEMENT-AGREEMENT-AND-RELEASE.pdf<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Kapko, M. (2022, September 19). <em>US government rejects ransom payment ban to spur disclosure<\/em>. Cybersecurity Dive. https:\/\/www.cybersecuritydive.com\/news\/government-ransomware-guidance\/632136\/<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Maloney, D. (2021). Medical Review Institute of America (MRIoA) Achieves HITRUST CSF\u00ae Certification to Manage Risk, Improve Security Posture, and Meet Compliance Requirements. <em>MRIoA<\/em>. https:\/\/www.mrioa.com\/medical-review-institute-of-america-mrioa-achieves-hitrust-csf-certification-to-manage-risk-improve-security-posture-and-meet-compliance-requirements\/<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">McGee, M. K. (2022, January 11). <em>Vendor: Data Breach Involved Security Product Vulnerability<\/em>. GovInfoSecurity. Retrieved May 2, 2023, from https:\/\/www.govinfosecurity.com\/vendor-data-breach-involved-security-product-vulnerability-a-18290<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">MRIoA (healthitdirectory.com). (2016, November). <em>Medical-Review-Institute-of-America-MRIoA.jpg<\/em>. healthitdirectory.com. https:\/\/healthitdirectory.com\/wp-content\/uploads\/2016\/11\/Medical-Review-Institute-of-America-MRIoA.jpg<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Pollock, S. (2022a). Data Breach Notifications. In <em>Privacy, Identity Theft and Data Security Breaches<\/em>. Office of the Maine Attorney General. Retrieved May 2, 2023, from https:\/\/apps.web.maine.gov\/online\/aeviewer\/ME\/40\/8de68304-84d8-4c9c-bf36-c2de1b461e70.shtml<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Pollock, S. (2022b). Re: Security Breach Notification. In <em>Data Breach Notifications<\/em>. Office of the Maine Attorney General. Retrieved May 2, 2023, from https:\/\/apps.web.maine.gov\/online\/aeviewer\/ME\/40\/8de68304-84d8-4c9c-bf36-c2de1b461e70\/f95dfcd5-29d2-4181-9407-abcad8a2f5ec\/document.html<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-4-3 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Medical Review Institute of America suffered a suspected ransomware\/extortion attempt from Sonicwall\" width=\"640\" height=\"480\" src=\"https:\/\/www.youtube.com\/embed\/s2p6zDvGNpU?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><figcaption class=\"wp-element-caption\">YouTube\/Blog Notification Post<\/figcaption><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>One-sentence summary: Medical Review Institute of America suspected ransomware and data breach via Sonicwall affects 134,000, results in<\/p>\n","protected":false},"author":4,"featured_media":662,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[480,3,12,13,76,63,274,75,61,11,10,74,570,14,120,45,566,43,44,428,567,8,27,264,48,565,67,119,568,569,571,15,81,564],"class_list":["post-661","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-breach-report","tag-breach","tag-breach-report","tag-breaches","tag-ciso","tag-cloud","tag-computer-security","tag-computers","tag-cyber-security","tag-cybercrime","tag-cybersecurity","tag-dallas","tag-data-breach","tag-deletion","tag-executive","tag-extortion","tag-healthcare","tag-healthinsurance","tag-hipaa","tag-hitech","tag-hospital","tag-insurance","tag-kent-protect","tag-kentprotect","tag-litigation","tag-maine","tag-massachusetts","tag-pwned","tag-ransomware","tag-salt-lake-city","tag-slc","tag-sonicwall","tag-summary","tag-texas","tag-utah"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Breach Report: Medical Review Institute of America suspected ransomware &amp; breach - Kent Protect<\/title>\n<meta name=\"description\" content=\"Medical Review Institute of America suspected ransomware and data breach via Sonicwall affects 134,000, results in five class-action lawsuits and a $2.6 million settlement despite data deletion.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kentprotect.com\/index.php\/2023\/05\/02\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Breach Report: Medical Review Institute of America suspected ransomware &amp; breach - Kent Protect\" \/>\n<meta property=\"og:description\" content=\"Medical Review Institute of America suspected ransomware and data breach via Sonicwall affects 134,000, results in five class-action lawsuits and a $2.6 million settlement despite data deletion.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kentprotect.com\/index.php\/2023\/05\/02\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\/\" \/>\n<meta property=\"og:site_name\" content=\"Kent Protect\" \/>\n<meta property=\"article:published_time\" content=\"2023-05-02T17:42:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-03T08:50:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/kentprotect.com\/wp-content\/uploads\/2023\/05\/Medical-Review-Institute-of-America-MRIoA.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Kyler Kent CISSP\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kyler Kent CISSP\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/05\\\/02\\\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/05\\\/02\\\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\\\/\"},\"author\":{\"name\":\"Kyler Kent CISSP\",\"@id\":\"https:\\\/\\\/kentprotect.com\\\/#\\\/schema\\\/person\\\/f9b4d76bd2f5b5559a08ad2e004a1116\"},\"headline\":\"Breach Report: Medical Review Institute of America suspected ransomware &#038; breach\",\"datePublished\":\"2023-05-02T17:42:11+00:00\",\"dateModified\":\"2023-05-03T08:50:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/05\\\/02\\\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\\\/\"},\"wordCount\":1491,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/kentprotect.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/05\\\/02\\\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/kentprotect.com\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/Medical-Review-Institute-of-America-MRIoA.jpg\",\"keywords\":[\"breach\",\"breach report\",\"breaches\",\"ciso\",\"cloud\",\"computer security\",\"computers\",\"cyber security\",\"cybercrime\",\"cybersecurity\",\"dallas\",\"data breach\",\"deletion\",\"executive\",\"extortion\",\"healthcare\",\"healthinsurance\",\"HIPAA\",\"HITECH\",\"hospital\",\"insurance\",\"kent protect\",\"kentprotect\",\"litigation\",\"maine\",\"massachusetts\",\"pwned\",\"ransomware\",\"salt lake city\",\"slc\",\"sonicwall\",\"summary\",\"texas\",\"utah\"],\"articleSection\":[\"The Breach Report!\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/05\\\/02\\\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/05\\\/02\\\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\\\/\",\"url\":\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/05\\\/02\\\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\\\/\",\"name\":\"Breach Report: Medical Review Institute of America suspected ransomware & breach - Kent Protect\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/kentprotect.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/05\\\/02\\\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/05\\\/02\\\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/kentprotect.com\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/Medical-Review-Institute-of-America-MRIoA.jpg\",\"datePublished\":\"2023-05-02T17:42:11+00:00\",\"dateModified\":\"2023-05-03T08:50:58+00:00\",\"description\":\"Medical Review Institute of America suspected ransomware and data breach via Sonicwall affects 134,000, results in five class-action lawsuits and a $2.6 million settlement despite data deletion.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/05\\\/02\\\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/05\\\/02\\\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/05\\\/02\\\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\\\/#primaryimage\",\"url\":\"https:\\\/\\\/kentprotect.com\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/Medical-Review-Institute-of-America-MRIoA.jpg\",\"contentUrl\":\"https:\\\/\\\/kentprotect.com\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/Medical-Review-Institute-of-America-MRIoA.jpg\",\"width\":400,\"height\":400,\"caption\":\"Medical Review Institute of America logo Image source: (MRIoA (healthitdirectory.com), 2016)\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/2023\\\/05\\\/02\\\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/kentprotect.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Breach Report: Medical Review Institute of America suspected ransomware &#038; breach\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/kentprotect.com\\\/#website\",\"url\":\"https:\\\/\\\/kentprotect.com\\\/\",\"name\":\"Kent Protect\",\"description\":\"Starring the Breach Report! and other security and cybersecurity series\",\"publisher\":{\"@id\":\"https:\\\/\\\/kentprotect.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/kentprotect.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/kentprotect.com\\\/#organization\",\"name\":\"Kent Protect\",\"url\":\"https:\\\/\\\/kentprotect.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/kentprotect.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/kentprotect.com\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/cropped-FullLogo_Transparent-1-with-KP-Smaller.png\",\"contentUrl\":\"https:\\\/\\\/kentprotect.com\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/cropped-FullLogo_Transparent-1-with-KP-Smaller.png\",\"width\":209,\"height\":161,\"caption\":\"Kent Protect\"},\"image\":{\"@id\":\"https:\\\/\\\/kentprotect.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/kentprotect.com\\\/#\\\/schema\\\/person\\\/f9b4d76bd2f5b5559a08ad2e004a1116\",\"name\":\"Kyler Kent CISSP\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/kentprotect.com\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/Retry-3-150x150.jpg\",\"url\":\"https:\\\/\\\/kentprotect.com\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/Retry-3-150x150.jpg\",\"contentUrl\":\"https:\\\/\\\/kentprotect.com\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/Retry-3-150x150.jpg\",\"caption\":\"Kyler Kent CISSP\"},\"description\":\"Kyler Kent is a Senior Cybersecurity Analyst on CrowdStrike\u2019s Falcon Complete MDR team, where he helps large enterprises detect, investigate, and contain real intrusions across cloud and hybrid environments. His work spans threat hunting, incident response, and security automation\u2014turning noisy telemetry into clear, repeatable actions that reduce risk quickly. Previously, Kyler served as a Threat Hunting and Intelligence Specialist supporting a critical infrastructure provider in Dallas, and led security automation and operational coordination at CyberConvoy. He holds a Master\u2019s in Cybersecurity Risk Management from Georgetown University and maintains certifications including CISSP, AWS Solutions Architect \u2013 Professional, AWS Security \u2013 Specialty, and multiple CrowdStrike credentials. He writes to close the gap between \u201cwhat the textbook says\u201d and what analysts actually do on shift with his published book: \\\"SOC Analyst Career Guide\\\" (ISBN-13: 9781835467466). https:\\\/\\\/linktr.ee\\\/kentprotect.com Corrections: corrections@kentprotect.com\",\"sameAs\":[\"http:\\\/\\\/kylerkent.com\"],\"url\":\"https:\\\/\\\/kentprotect.com\\\/index.php\\\/author\\\/kylerkent\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Breach Report: Medical Review Institute of America suspected ransomware & breach - Kent Protect","description":"Medical Review Institute of America suspected ransomware and data breach via Sonicwall affects 134,000, results in five class-action lawsuits and a $2.6 million settlement despite data deletion.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kentprotect.com\/index.php\/2023\/05\/02\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\/","og_locale":"en_US","og_type":"article","og_title":"Breach Report: Medical Review Institute of America suspected ransomware & breach - Kent Protect","og_description":"Medical Review Institute of America suspected ransomware and data breach via Sonicwall affects 134,000, results in five class-action lawsuits and a $2.6 million settlement despite data deletion.","og_url":"https:\/\/kentprotect.com\/index.php\/2023\/05\/02\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\/","og_site_name":"Kent Protect","article_published_time":"2023-05-02T17:42:11+00:00","article_modified_time":"2023-05-03T08:50:58+00:00","og_image":[{"width":400,"height":400,"url":"https:\/\/kentprotect.com\/wp-content\/uploads\/2023\/05\/Medical-Review-Institute-of-America-MRIoA.jpg","type":"image\/jpeg"}],"author":"Kyler Kent CISSP","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Kyler Kent CISSP","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kentprotect.com\/index.php\/2023\/05\/02\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\/#article","isPartOf":{"@id":"https:\/\/kentprotect.com\/index.php\/2023\/05\/02\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\/"},"author":{"name":"Kyler Kent CISSP","@id":"https:\/\/kentprotect.com\/#\/schema\/person\/f9b4d76bd2f5b5559a08ad2e004a1116"},"headline":"Breach Report: Medical Review Institute of America suspected ransomware &#038; breach","datePublished":"2023-05-02T17:42:11+00:00","dateModified":"2023-05-03T08:50:58+00:00","mainEntityOfPage":{"@id":"https:\/\/kentprotect.com\/index.php\/2023\/05\/02\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\/"},"wordCount":1491,"commentCount":0,"publisher":{"@id":"https:\/\/kentprotect.com\/#organization"},"image":{"@id":"https:\/\/kentprotect.com\/index.php\/2023\/05\/02\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\/#primaryimage"},"thumbnailUrl":"https:\/\/kentprotect.com\/wp-content\/uploads\/2023\/05\/Medical-Review-Institute-of-America-MRIoA.jpg","keywords":["breach","breach report","breaches","ciso","cloud","computer security","computers","cyber security","cybercrime","cybersecurity","dallas","data breach","deletion","executive","extortion","healthcare","healthinsurance","HIPAA","HITECH","hospital","insurance","kent protect","kentprotect","litigation","maine","massachusetts","pwned","ransomware","salt lake city","slc","sonicwall","summary","texas","utah"],"articleSection":["The Breach Report!"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/kentprotect.com\/index.php\/2023\/05\/02\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/kentprotect.com\/index.php\/2023\/05\/02\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\/","url":"https:\/\/kentprotect.com\/index.php\/2023\/05\/02\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\/","name":"Breach Report: Medical Review Institute of America suspected ransomware & breach - Kent Protect","isPartOf":{"@id":"https:\/\/kentprotect.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kentprotect.com\/index.php\/2023\/05\/02\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\/#primaryimage"},"image":{"@id":"https:\/\/kentprotect.com\/index.php\/2023\/05\/02\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\/#primaryimage"},"thumbnailUrl":"https:\/\/kentprotect.com\/wp-content\/uploads\/2023\/05\/Medical-Review-Institute-of-America-MRIoA.jpg","datePublished":"2023-05-02T17:42:11+00:00","dateModified":"2023-05-03T08:50:58+00:00","description":"Medical Review Institute of America suspected ransomware and data breach via Sonicwall affects 134,000, results in five class-action lawsuits and a $2.6 million settlement despite data deletion.","breadcrumb":{"@id":"https:\/\/kentprotect.com\/index.php\/2023\/05\/02\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kentprotect.com\/index.php\/2023\/05\/02\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kentprotect.com\/index.php\/2023\/05\/02\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\/#primaryimage","url":"https:\/\/kentprotect.com\/wp-content\/uploads\/2023\/05\/Medical-Review-Institute-of-America-MRIoA.jpg","contentUrl":"https:\/\/kentprotect.com\/wp-content\/uploads\/2023\/05\/Medical-Review-Institute-of-America-MRIoA.jpg","width":400,"height":400,"caption":"Medical Review Institute of America logo Image source: (MRIoA (healthitdirectory.com), 2016)"},{"@type":"BreadcrumbList","@id":"https:\/\/kentprotect.com\/index.php\/2023\/05\/02\/breach-report-medical-review-institute-of-america-suspected-ransomware-and-data-breach\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/kentprotect.com\/"},{"@type":"ListItem","position":2,"name":"Breach Report: Medical Review Institute of America suspected ransomware &#038; breach"}]},{"@type":"WebSite","@id":"https:\/\/kentprotect.com\/#website","url":"https:\/\/kentprotect.com\/","name":"Kent Protect","description":"Starring the Breach Report! and other security and cybersecurity series","publisher":{"@id":"https:\/\/kentprotect.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kentprotect.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kentprotect.com\/#organization","name":"Kent Protect","url":"https:\/\/kentprotect.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kentprotect.com\/#\/schema\/logo\/image\/","url":"https:\/\/kentprotect.com\/wp-content\/uploads\/2023\/04\/cropped-FullLogo_Transparent-1-with-KP-Smaller.png","contentUrl":"https:\/\/kentprotect.com\/wp-content\/uploads\/2023\/04\/cropped-FullLogo_Transparent-1-with-KP-Smaller.png","width":209,"height":161,"caption":"Kent Protect"},"image":{"@id":"https:\/\/kentprotect.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/kentprotect.com\/#\/schema\/person\/f9b4d76bd2f5b5559a08ad2e004a1116","name":"Kyler Kent CISSP","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kentprotect.com\/wp-content\/uploads\/2023\/03\/Retry-3-150x150.jpg","url":"https:\/\/kentprotect.com\/wp-content\/uploads\/2023\/03\/Retry-3-150x150.jpg","contentUrl":"https:\/\/kentprotect.com\/wp-content\/uploads\/2023\/03\/Retry-3-150x150.jpg","caption":"Kyler Kent CISSP"},"description":"Kyler Kent is a Senior Cybersecurity Analyst on CrowdStrike\u2019s Falcon Complete MDR team, where he helps large enterprises detect, investigate, and contain real intrusions across cloud and hybrid environments. His work spans threat hunting, incident response, and security automation\u2014turning noisy telemetry into clear, repeatable actions that reduce risk quickly. Previously, Kyler served as a Threat Hunting and Intelligence Specialist supporting a critical infrastructure provider in Dallas, and led security automation and operational coordination at CyberConvoy. He holds a Master\u2019s in Cybersecurity Risk Management from Georgetown University and maintains certifications including CISSP, AWS Solutions Architect \u2013 Professional, AWS Security \u2013 Specialty, and multiple CrowdStrike credentials. He writes to close the gap between \u201cwhat the textbook says\u201d and what analysts actually do on shift with his published book: \"SOC Analyst Career Guide\" (ISBN-13: 9781835467466). https:\/\/linktr.ee\/kentprotect.com Corrections: corrections@kentprotect.com","sameAs":["http:\/\/kylerkent.com"],"url":"https:\/\/kentprotect.com\/index.php\/author\/kylerkent\/"}]}},"_links":{"self":[{"href":"https:\/\/kentprotect.com\/index.php\/wp-json\/wp\/v2\/posts\/661","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kentprotect.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kentprotect.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kentprotect.com\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kentprotect.com\/index.php\/wp-json\/wp\/v2\/comments?post=661"}],"version-history":[{"count":8,"href":"https:\/\/kentprotect.com\/index.php\/wp-json\/wp\/v2\/posts\/661\/revisions"}],"predecessor-version":[{"id":671,"href":"https:\/\/kentprotect.com\/index.php\/wp-json\/wp\/v2\/posts\/661\/revisions\/671"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kentprotect.com\/index.php\/wp-json\/wp\/v2\/media\/662"}],"wp:attachment":[{"href":"https:\/\/kentprotect.com\/index.php\/wp-json\/wp\/v2\/media?parent=661"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kentprotect.com\/index.php\/wp-json\/wp\/v2\/categories?post=661"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kentprotect.com\/index.php\/wp-json\/wp\/v2\/tags?post=661"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}