Generic selectors
Exact matches only
Search in title
Search in content
Search in posts
Search in pages
our-team
practice-areas
investment-products

Investigations

Goldman Scarlato & Penny Investigating MIE Data Breach

Goldman Scarlato & Penny has filed a complaint in the Northern District of Indiana on behalf of all persons and entities whose private information was compromised as a result of a data breach announced by Medical Informatics Engineering, Inc. (“MIE”) on June 10, 2015.

MIE is an information and technology company specializing in custom solutions to the maintenance of electronic healthcare records and employee health management IT services.

On June 10, 2015, MIE announced that its network had been hacked. On July 23rd, MIE updated that announcement, stating that the stolen information affected patients affiliated with MIE clients. The MIE data breach included names, social security numbers, telephone numbers, mailing addresses, usernames and passwords, security questions and answers, dates of birth, names and birth dates of spouses and children, and email addresses. The stolen medical information includes lab results, diagnoses, medical conditions, health insurance policy information, disability codes, and doctor’s names.

MIE claims that it initially discovered the MIE data breach on May 26, 2015, almost three weeks after the unauthorized access of its databases actually began on May 7th. Although MIE claims that it immediately began an investigation on May 26th “to safeguard the security of personal and protected health information,” and contacted the FBI, MIE waited until July 17th to begin mailing notices to those affected. During that extended time period, crucial private and personal data of almost 4 million people may have been compromised. It is common knowledge that a cyber-black market exists on which personal information is a valuable commodity. Had MIE notified affected persons sooner, putative Class Members might have taken steps to mitigate the harm.
Security experts suggest that MIE did not have adequate systems in place to prevent the breach. According to Josh Cannell, a malware intelligence analyst at Malwarebytes Labs, the fact that the hackers had access to MIE’s servers for three weeks before the breach was discovered suggests that the data wasn’t protected as well as it should have been.

Cannell also told a reporter for eSecurity Planet that “…it’s well known that cyber-criminals can use this information in many nefarious ways . . . the most obvious use . . . for identity theft, which can cause a lot of financial headaches that can last for many years. Another potential abuse . . . (is) spear-phishing . . . thus leading to a malware infection.”

According to MIE, numerous radiology services were impacted by the breach. The full list can be viewed on MIE’s website, https://www.mieweb.com/notice/. In addition, the following health care providers were affected, including the patients of these providers:

Concentra
Allied Physicians, Inc. d/b/a Fort Wayne Neurological Center (including Neurology, Physical Medicine and Neurosurgery)
Franciscan St. Francis Health Indianapolis
Gynecology Center, Inc., Ft. Wayne
Rochester Medical Group
RediMed
Fort Wayne Radiology Association, LLC including d/b/a Nuvena Vein Center and Dexa Diagnostics
Open View MRI, LLC
Breast Diagnostic Center, LLC
P.E.T. Imaging Services, LLC
MRI Center – Fort Wayne Radiology, Inc. d/b/a Advanced Imaging Systems, Inc.

Although MIE has offered two years of free credit monitoring, it is not enough. Credit monitoring services are insufficient because thieves in possession of a person’s social security number can assume a victim’s identity far into the future. Moreover, credit monitoring does not prevent credit card fraud, it merely informs consumers of the fraudulent opening of new accounts.

If you have been notified by MIE that your information was stolen or if you believe that you are a victim of the MIE data breach, please contact a GSP attorney to learn more about your rights. GSP attorneys are actively litigating data breach actions against Community Health Systems, Anthem, Premera, Intuit, United Shore and Target. Please contact Mark Goldman at goldman@lawgsp.com or Paul Scarlato at scarlato@lawgsp.com or call (484) 342-0700 with any questions you may have.

In our legal system, every person is innocent until and unless found guilty by a court of law or a tribunal. Whenever we reference “allegations” or charges that are “alleged,” such allegations or charges have not been proven, and are merely accusations, not findings of fault, as of the date of the blog. We do not have, nor do we undertake, a duty to continue to monitor or follow cases about which we report, and/or to publish subsequent updates regarding various developments that may occur in such cases. Readers are encouraged to conduct their own research regarding any such cases and any developments that may or may not have occurred in such cases. Also, the brokercheck report linked to some of our blogs is the up-to-date version as of the date of posting. Visitors may check the most recent version of each brokercheck report at www.finra.org.

Leave a Reply