Skip to Main Content

MRIoA Cyber Incident Notice for Medicaid and Ambetter Members

Date: 01/06/22

On November 9, 2021, MRIoA discovered that it was the victim of a sophisticated cyber-attack. Once MRIoA found out, MRIoA quickly took steps to secure and safely restore its systems and operations. Further, MRIoA immediately engaged third-party forensic and incident response experts to conduct a thorough investigation of the incident's nature and scope and assist in the remediation efforts. MRIoA also contacted the FBI to inform them of the incident and seek guidance.  On November 12, 2021, MRIoA discovered that the incident involved the unauthorized acquisition of information.

On November 16, 2021, MRIoA retrieved and subsequently confirmed the deletion of the obtained information to the best of its ability and knowledge. MRIoA’s investigation into the cause of the incident is ongoing. However, once MRIoA retrieved the information, MRIoA began determining the individuals impacted in the incident. Further, MRIoA discovered that protected health information was included in the incident based on a comprehensive review.

However, to the best of its knowledge and as of the date of this release, MRIoA has no evidence indicating the occurrence of identity theft resulting from this incident.

What Information Was Involved

The types of protected health information potentially involved (only if this information was provided to MRIoA) include contact and demographic information (i.e., first and last name, gender, home address, phone number, email address, date of birth), social security number; clinical information (i.e., medical history/diagnosis/treatment, dates of service, lab test results, prescription information, provider name, medical account number, or anything similar in your medical file and/or record); and health insurance information (i.e., health insurance policy and group plan number, group plan provider, claim information). The obtained information did not include financial account information.

What We Are Doing

In response to this incident, MRIoA implemented and/or is continuing to implement additional cybersecurity safeguards to MRIoA’s existing infrastructure to better minimize the likelihood of this type of event occurring again, including:

  • Constant monitoring of our systems with advanced threat hunting and detection software;
  • Adding additional multifactor authentication protections when attempting to access the systems;
  • New servers built from the ground up to ensure all threat remnants were removed;
  • Working with external third-party cybersecurity experts to assist us in our security efforts;
  • Deploying a hardened and new backup environment;
  • Enhancing our employee cybersecurity training; and
  • Reviewing, revising, and amending our existing cybersecurity policies as necessary.

What You Can Do 

The security and privacy of the information contained within our systems is a top priority for us. Therefore, while we have no evidence indicating your information was misused, we strongly recommend that you remain vigilant, monitor and review all of your financial and account statements, and report any unusual activity to the institution that issued the record and law enforcement. In addition, please see “OTHER IMPORTANT INFORMATION” on the following pages for guidance on how to best protect your identity.

We are providing members affected by this incident with one-year of free credit monitoring and identity theft protection services. Instructions on how to enroll in this service were included in the letter sent to affected members.

 

For More Information

We sincerely regret this incident occurred and any concern it may cause. We understand that you may have questions about it beyond what is covered in this posting. To assist you with questions regarding this incident, please call the helpline at 1-888-653-0511.  Representatives are available for 90 days from the date of this letter, between the hours of 8:00 am to 8:00 pm Eastern time, Monday through Friday.