fbpx

Medical Review Institute, BCBS of Illinois Data Breach Class Action

This class action bring suit against the Medical Review Institute of America, LLC (MRIoA), because of its recent data breach, and also Health Care Service Corporation, which does business as Blue Cross and Blue Shield of Illinois (BCBSIL), which provided its health plan members’ information to MRIoA. The complaint alleges that both companies bear responsibility for the compromise of hundreds of thousands of persons’ personally identifiable information (PII) and protected health information (PHI) in the data breach.

The Class for this action is all persons whose private information was kept on MRIoA’s system that was compromised in the data breach, and who were sent a Notice of the data breach. A BCBSIL Subclass has also been proposed for those in the above class who were members of BCBSIL.

According to the complaint. “MRIoA provides external review of medical, dental, behavioral health, pharmacy, vision, disability, workers’ compensation, and auto claims for insurance carriers, employers, TPAs, self-administered union groups, pharmacy benefit managers, human resource consultants and departments of insurance throughout the country.”

The complaint describes it as a “business associate of BCBSIL” and BCBSIL passes on to MRIoA private information about its members and their medical and financial matters for MRIoA’s review.

MRIoA learned that it had suffered a cyberattack on November 9, 2021. Within three days, its investigation had found that the attack included the stealing of information, pertaining to members of BCBSIL among other clients. The complaint alleges, “Upon information and belief, the Private Information contained in the files accessed by hackers was not encrypted.”

The complaint also alleges that MRIoA was targeted because it was a business associate of health care-related entities, and that the aim of the attack was to gain access to private information, including PII and PHI.

According to the complaint, MRIoA and BCBSIL “maintained the Private Information in a reckless manner. In particular, the Private Information was maintained on MRIoA’s computer system and network in a condition vulnerable to cyberattack.”

“Upon information and belief,” the complaint further alleges, “the mechanism of the Data Breach and potential for improper disclosure” of the information “was a known risk” to MRIoA and BCBSIL. It claims that the companies were therefore on notice that they were leaving the information in a risky and dangerous condition that might be vulnerable to cyberattacks.

The complaint alleges that the companies’ “data security obligations were particularly important given the substantial increase in cyberattacks and/or data breaches in the healthcare industry preceding the date of the breach.” It claims that, in 2021, of the record 1,862 data breaches, 330 or 17.7% were perpetrated on entities in the healthcare field and exposed some 20 million more sensitive records than did data breaches in 2020.

The complaint asserts that, “according to the cybersecurity firm Mimecast, 90% of healthcare organizations experienced cyberattacks in the past year.”

The complaint alleges that the defendant companies failed to comply with industry standards and Federal Trade Commission security guidelines.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Medical Review Institute, BCBS of Illinois Data Breach Complaint

February 3, 2022

This class action bring suit against the Medical Review Institute of America, LLC (MRIoA), because of its recent data breach, and also Health Care Service Corporation, which does business as Blue Cross and Blue Shield of Illinois (BCBSIL), which provided its health plan members’ information to MRIoA. The complaint alleges that both companies bear responsibility for the compromise of hundreds of thousands of persons’ personally identifiable information (PII) and protected health information (PHI) in the data breach.

Medical Review Institute, BCBS of Illinois Data Breach Complaint

Case Event History

Medical Review Institute, BCBS of Illinois Data Breach Complaint

February 3, 2022

This class action bring suit against the Medical Review Institute of America, LLC (MRIoA), because of its recent data breach, and also Health Care Service Corporation, which does business as Blue Cross and Blue Shield of Illinois (BCBSIL), which provided its health plan members’ information to MRIoA. The complaint alleges that both companies bear responsibility for the compromise of hundreds of thousands of persons’ personally identifiable information (PII) and protected health information (PHI) in the data breach.

Medical Review Institute, BCBS of Illinois Data Breach Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy