Western Sky Community Care, Inc. (“WSCC”) discovered that its vendor Medical Review Institute of America (“MRIoA”) experienced a cyber incident between Nov. 2 and Nov. 9, 2021. During that time, an unauthorized actor viewed or downloaded data files stored on MRIoA’s systems. On Dec.14, 2021, WSCC discovered the identities of its members who were impacted by this breach.
The personal information involved in this incident included name and one or more of the following: address, date of birth, Social Security number, insurance ID number, and/or health information, such as medical condition(s) and treatment.
MRIoA immediately took the following measures in response to this incident:
• Immediately activated its incident response plan.
• Reviewed files involved and distributed notification to impacted individuals.
• Took steps to improve its system security.
• Coordinated with law enforcement authorities, including the United States Federal Bureau of Investigation (FBI).
We have no indication that member information was used inappropriately. However, out of an abundance of caution, we recommend that potentially affected members take reasonable steps to ensure the security of their information. Affected members were notified by mail.
We are offering members affected by this incident one-year of free credit monitoring and identity theft protection services. Instructions on how to enroll in this service were included in the letter sent to affected individuals. We have also shared a reference guide of recommendations from the Federal Trade Commission regarding identity theft including information on how to request free credit reports, security freezes, and fraud alerts.
WSCC is deeply committed to protecting our members’ privacy, and we sincerely regret any inconvenience this incident may have caused.
For more information, or if you have any questions about this incident, please contact Western Sky Community Care’s Compliance Department at
Published in the El Defensor Chieftain on February 17, 2022