Class Action Says Medical Review Institute of America Stored BCBS of Illinois Patient Info in ‘Reckless Manner’

New to ClassAction.org? Read our Newswire Disclaimer

Medical Review Institute of America (MRIoA) and Blue Cross and Blue Shield of Illinois (BCBSIL) face a proposed class action in the wake of a “sophisticated” November 2021 cyberattack that reportedly affected hundreds of thousands of individuals. 

The 54-page lawsuit claims that MRIoA, who receives highly confidential health plan member information from BCBSIL, stored the sensitive information in a “reckless manner,” such that an unauthorized third party was able to access its computer systems last year. According to the case, the files compromised in the incident, which was discovered by MRIoA on November 9, were unencrypted and left in a condition “vulnerable to cyberattack.” 

As a result of the breach, those whose information was compromised now face a heightened, long-term threat of identity theft and fraud, the suit says. 

“Due to Defendant MRIoA’s inadequate and insufficient data security measures, Plaintiff and the Class Members now face an increased risk of fraud and identity theft and must deal with that threat forever,” the complaint scathes, noting that the plaintiff, a Homewood, Illinois resident, believes her information was subsequently sold on the dark web in the wake of the breach. 

Information allegedly compromised in the Medical Review Institute of America and Blue Cross and Blue Shield of Illinois data breach includes patient names, home and email addresses, phone numbers, dates of birth, Social Security numbers, clinical specifics, lab test results, prescription details, medical account numbers and health insurance and financial data. 

Per the case, MRIoA provides BCBSIL, a division of defendant Health Care Service Corporation, external review services for medical, dental, behavioral health, pharmacy, vision, disability, workers’ comp and auto claims. The complaint says MRIoA uses a nationwide network of board-certified physician specialists to go over the information it receives from clients such as BCBSIL, who shared with the company an obligation to safeguard the highly confidential information in its care. 

The lawsuit stresses that the defendants should have been on high alert with regard to a data breach given the uptick in high-profile cybersecurity incidents in the healthcare industry in recent years. Despite the prevalence of such attacks, MRIoA failed to meet minimum, well-established industry cybersecurity standards, the case claims. 

The lawsuit looks to represent all persons whose private information was maintained on Medical Review Institute of America’s system that was compromised in the data breach and who received notice of the incident from the company. The suit also looks to cover all Blue Cross and Blue Shield of Illinois members whose private information was maintained on MRIoA’s system and who received notice of the breach. 

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.