Between May 7-26, 2015, hackers were able to gain access to the Fort Wayne, Ind.-based medical records provider’s web application, known as WebChart. During that time, the unauthorized third party stole electronic personal health information.
When the Office of Civil Rights at HHS opened an investigation, it found that MIE did not perform a proficient risk analysis prior to the data breach, a mandatory HIPAA rule.
The other states included in the settlement agreement are Indiana, Arizona, Arkansas, Connecticut, Florida, Iowa, Kansas, Kentucky, Louisiana, Michigan, Minnesota, Nebraska, Tennessee, West Virginia and Wisconsin.
Earlier this month, MIE agreed to pay the OCR $100,000 to settle the HIPAA violation.
More articles on cybersecurity:
Oregon State Hospital alerts patients of phishing attack
Memorial Hermann employee ‘improperly’ used patients’ credit card info
First cybercrime hotline unveiled in Rhode Island
At the Becker's 11th Annual IT + Revenue Cycle Conference: The Future of AI & Digital Health, taking place September 14–17 in Chicago, healthcare executives and digital leaders from across the country will come together to explore how AI, interoperability, cybersecurity, and revenue cycle innovation are transforming care delivery, strengthening financial performance, and driving the next era of digital health. Apply for complimentary registration now.
