Indiana medical company hit with first multistate HIPAA lawsuit: 7 things to know

Attorneys general from 12 states have united to sue an Indiana medical company over a 2015 data breach, according to Inside INdiana Business.

Here are seven things to know:

1. Hackers gained access to a web application called WebChart operated by Medical Informatics Engineering and its subsidiary NoMoreClipboard — collectively known as MIE — between  May 7, 2015, and May 26, 2015. The data of about 3.9 million people was compromised.

2. According to azcentral, the lawsuit alleges the hackers stole electronic protected health information, including: names, phone numbers, mailing addresses, user names, passwords, security questions and answers, spousal information (name and potentially date of birth), email addresses, dates of birth, Social Security numbers, lab results, health insurance policy information, diagnoses, disability codes, physicians' names, medical conditions and children's names and birth statistics.

3. The lawsuit claims MIE is liable because it did not properly establish "basic industry-accepted data security measures to protect individual's health information from unauthorized access."

4. The attorneys general have brought the suit under HIPAA as well as several state laws, including unfair and deceptive practice laws, notice of data breach statutes and state personal information protection acts.

5. Azcentral could not reach MIE at the time its report was published Dec. 3, but it reported that the company acknowledged the breach in 2015. At the time, MIE called it a "cyberattack" and said some personal and protected health information stored in "certain clients'" EHRs had been affected.

6. The 12 states in the lawsuit are Arizona, Arkansas, Florida, Iowa, Indiana, Kansas, Kentucky, Louisiana, Minnesota, Nebraska, North Carolina and Wisconsin.

7. This action marks the first time states have joined together to file a HIPAA-related lawsuit.

More articles on cybersecurity:

Renters find thousands of pages of medical records in former physician's home
California health center alerts patients to improper PHI disposal
Ransomware attack strikes Rhode Island health center: 4 things to know

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Top 40 Articles from the Past 6 Months