North Carolina and 15 other states have reached a $900,000 settlement with Medical Informatics Engineering after a data breach from the EHR provider exposed the information of 3.9 million people, according to a May 23 news release from North Carolina attorney general Josh Stein.
Between May 7-26, 2015, hackers were able to gain access to the Fort Wayne, Ind.-based medical records provider's web application, known as WebChart. During that time, the unauthorized third party stole electronic personal health information.
When the Office of Civil Rights at HHS opened an investigation, it found that MIE did not perform a proficient risk analysis prior to the data breach, a mandatory HIPAA rule.
The other states included in the settlement agreement are Indiana, Arizona, Arkansas, Connecticut, Florida, Iowa, Kansas, Kentucky, Louisiana, Michigan, Minnesota, Nebraska, Tennessee, West Virginia and Wisconsin.
Earlier this month, MIE agreed to pay the OCR $100,000 to settle the HIPAA violation.
More articles on cybersecurity:
Oregon State Hospital alerts patients of phishing attack
Memorial Hermann employee 'improperly' used patients' credit card info
First cybercrime hotline unveiled in Rhode Island