Goldman Scarlato & Penny has filed a complaint in the Northern District of Indiana on behalf of all persons and entities whose private information was compromised as a result of a data breach announced by Medical Informatics Engineering, Inc. (“MIE”) on June 10, 2015.
MIE is an information and technology company specializing in custom solutions to the maintenance of electronic healthcare records and employee health management IT services.
On June 10, 2015, MIE announced that its network had been hacked. On July 23rd, MIE updated that announcement, stating that the stolen information affected patients affiliated with MIE clients. The MIE data breach included names, social security numbers, telephone numbers, mailing addresses, usernames and passwords, security questions and answers, dates of birth, names and birth dates of spouses and children, and email addresses. The stolen medical information includes lab results, diagnoses, medical conditions, health insurance policy information, disability codes, and doctor’s names.
MIE claims that it initially discovered the MIE data breach on May 26, 2015, almost three weeks after the unauthorized access of its databases actually began on May 7th. Although MIE claims that it immediately began an investigation on May 26th “to safeguard the security of personal and protected health information,” and contacted the FBI, MIE waited until July 17th to begin mailing notices to those affected. During that extended time period, crucial private and personal data of almost 4 million people may have been compromised. It is common knowledge that a cyber-black market exists on which personal information is a valuable commodity. Had MIE notified affected persons sooner, putative Class Members might have taken steps to mitigate the harm.
Security experts suggest that MIE did not have adequate systems in place to prevent the breach. According to Josh Cannell, a malware intelligence analyst at Malwarebytes Labs, the fact that the hackers had access to MIE’s servers for three weeks before the breach was discovered suggests that the data wasn’t protected as well as it should have been.
Cannell also told a reporter for eSecurity Planet that “…it’s well known that cyber-criminals can use this information in many nefarious ways . . . the most obvious use . . . for identity theft, which can cause a lot of financial headaches that can last for many years. Another potential abuse . . . (is) spear-phishing . . . thus leading to a malware infection.”
According to MIE, numerous radiology services were impacted by the breach. The full list can be viewed on MIE’s website, https://www.mieweb.com/notice/. In addition, the following health care providers were affected, including the patients of these providers:
Allied Physicians, Inc. d/b/a Fort Wayne Neurological Center (including Neurology, Physical Medicine and Neurosurgery)
Franciscan St. Francis Health Indianapolis
Gynecology Center, Inc., Ft. Wayne
Rochester Medical Group
Fort Wayne Radiology Association, LLC including d/b/a Nuvena Vein Center and Dexa Diagnostics
Open View MRI, LLC
Breast Diagnostic Center, LLC
P.E.T. Imaging Services, LLC
MRI Center – Fort Wayne Radiology, Inc. d/b/a Advanced Imaging Systems, Inc.
Although MIE has offered two years of free credit monitoring, it is not enough. Credit monitoring services are insufficient because thieves in possession of a person’s social security number can assume a victim’s identity far into the future. Moreover, credit monitoring does not prevent credit card fraud, it merely informs consumers of the fraudulent opening of new accounts.
If you have been notified by MIE that your information was stolen or if you believe that you are a victim of the MIE data breach, please contact a GSP attorney to learn more about your rights. GSP attorneys are actively litigating data breach actions against Community Health Systems, Anthem, Premera, Intuit, United Shore and Target. Please contact Mark Goldman at firstname.lastname@example.org or Paul Scarlato at email@example.com or call (484) 342-0700 with any questions you may have.