Between May 7-26, 2015, hackers were able to gain access to the Fort Wayne, Ind.-based medical records provider’s web application, known as WebChart. During that time, the unauthorized third party stole electronic personal health information.
When the Office of Civil Rights at HHS opened an investigation, it found that MIE did not perform a proficient risk analysis prior to the data breach, a mandatory HIPAA rule.
The other states included in the settlement agreement are Indiana, Arizona, Arkansas, Connecticut, Florida, Iowa, Kansas, Kentucky, Louisiana, Michigan, Minnesota, Nebraska, Tennessee, West Virginia and Wisconsin.
Earlier this month, MIE agreed to pay the OCR $100,000 to settle the HIPAA violation.
More articles on cybersecurity:
Oregon State Hospital alerts patients of phishing attack
Memorial Hermann employee ‘improperly’ used patients’ credit card info
First cybercrime hotline unveiled in Rhode Island
