Skip to main content

Medical Review Institute
Data Breach

The Lyon Firm is actively involved in healthcare data breach lawsuits nationwide
Nationwide Success

Healthcare Data Breach Lawyer

Investigating The Medical Review Institute of America data breach claims

Thank you for considering The Lyon Firm. At this time, we are not accepting plaintiffs related to this specific consumer issue. However, if you would like to be contacted in the future, please complete the contact form. By completing the form you will be contacted if the Firm begins accepting new cases on this matter, and you will also be included in firm news alerts related to important consumer safety and privacy issues to help keep you informed about related issues.

The Lyon Firm is investigating The Medical Review Institute of America data breach in which thousands of victims have been impacted. Patients may have had their data compromised in the November 2021 ransomware attack in which sensitive patient data may have been stolen.

Over 134,000 individuals may have been impacted by the Medical Review Institute data breach, and data breach notification letters have been sent out to those most vulnerable. The letter states that on November 9, 2021, Medical Review Institute discovered a cybersecurity incident which led to unauthorized access to its network. An investigation with third-party experts confirmed the data breach.

On November 12, 2021, MRoiA concluded that the attackers exfiltrated  patients’ electronic protected health information (ePHI). The Medical Review Institute of America (MRoiA ) is provided with patient data by HIPAA-covered entities as part of the clinical peer review process of healthcare services.

MRoiA has not said whether or not ransomware was involved, although experts say the attack had the hallmarks of a double-extortion ransomware attack. MRoiA said on November 16, 2021 that any stolen data were retrieved and copies of the data have been deleted, which suggests a ransom demand was paid.

The Medical Review Institute says the following types of information may have been stolen:

  • Gender
  • Home address
  • Phone number
  • Email address
  • Date of birth
  • Social Security number
  • Medical history
  • Diagnosis, treatment information
  • Dates of service
  • Lab test results
  • Prescription information
  • Provider name
  • Medical account number

In response, MRIoA has been implementing additional cybersecurity safeguards, including:

  • Monitoring of systems with advanced threat hunting and detection software
  • Additional multi-factor authentication protections
  • New servers to ensure all malware and threat remnants were removed
  • Working with external third-party cybersecurity experts
  • Enhancing employee cybersecurity training
  • Reviewing, revising, and amending existing cybersecurity policies


    Please complete the form below for a FREE consultation.

    • This field is for validation purposes and should be left unchanged.


    Joseph Lyon has 17 years of experience representing individuals in complex litigation matters. He has represented individuals in every state against many of the largest companies in the world.

    The Firm focuses on single-event civil cases and class actions involving corporate neglect & fraud, toxic exposure, product defects & recalls, medical malpractice, and invasion of privacy.


    The Firm offers contingency fees, advancing all costs of the litigation, and accepting the full financial risk, allowing our clients full access to the legal system while reducing the financial stress while they focus on their healthcare and financial needs.