A federal lawsuit has been filed by Nebraska and ten other states against a web-based electronic health record company, alleging the Indiana company violated federal and state regulations in a data breach affecting nearly four million people.
The Attorney General’s office filed the complaint in federal court in Indiana against Medical Informatics Engineering and NoMoreClipboard (collectively “MIE”) a web-based electronic health record company headquartered in Fort Wayne, Indiana.
The states allege the company violated provisions of the Health Insurance Portability and Accountability Act as well as state regulations.
The lawsuit claims that between May the 7th and May the 26th in 2015, hackers broke into the web application run by MIE. Hackers stole the electronic medical records of more than 3.9 million individuals, including individual names, telephone numbers, mailing addresses, usernames, hashed passwords, security questions and answers, spousal information (name and potentially dates of birth), email addresses, dates of birth, Social Security numbers, lab results, health insurance policy information, diagnoses, disability codes, doctors’ names, medical conditions, and children’s names and birth statistics.
“State attorneys general play a critical role in safeguarding the privacy and personal information of consumers,” Attorney General Scott Peterson said in a written statement released by his office. “I take this obligation seriously and today’s action serves as a reminder that the business community must take their obligations to protect consumers’ personal information seriously as well.”