Attorney General Curtis Hill announced today that he is leading a 12-state federal lawsuit against a Fort Wayne web-based electronic health records company that allegedly sustained a data breach compromising the data of more than 3.9 million people.
The lawsuit alleges that Medical Informatics Engineering Inc. and NoMoreClipboard LLC (collectively “MIE”) violated provisions of the Health Insurance Portability and Accountability Act (“HIPAA”) as well as state claims including Unfair and Deceptive Practice laws, Notice of Data Breach statutes, and state Personal Information Protection Acts.
Between May 7, 2015, and May 26, 2015, hackers infiltrated WebChart, a web application run by MIE. The hackers stole the electronic Protected Health Information (“ePHI”) of more than 3.9 million individuals – including individual names, telephone numbers, mailing addresses, usernames, hashed passwords, security questions and answers, spousal information (name and potentially dates of birth), email addresses, dates of birth, Social Security numbers, lab results, health insurance policy information, diagnosis, disability codes, doctors’ names, medical conditions, and children’s names and birth statistics.
Today’s filing marks the first time state attorneys general have joined together to pursue a HIPAA-related data breach case in federal court.
“We will always act to protect Hoosier consumers in cases such as this one,” Attorney General Hill said. “We make it our standard practice to pursue all penalties and remedies available under the law on behalf of our citizens, and we hope our proactive measures serve to motivate all companies doing business in Indiana to exercise the highest ethics and utmost diligence.”