Medical Information Engineering (MIE), a Fort Wayne, Ind.-based medical software company, is notifying customers of a cybersecurity incident that provided unauthorized access to its network and some patients' personal health information.
How many victims? Undisclosed
What type of personal information? Personal health information, including patients' names, mailing addresses, email addresses, dates of birth, some Social Security numbers, lab results, dictated reports and medical conditions
What happened? MIE detected suspicious activity on one of its servers, and its internal team, as well as third-party forensics experts, investigated the attack. Access to the company's network is thought to have began on May 7 of this year and was detected on May 26. Impacted MIE clients include Concentra, a Texas-based organization that runs more than 300 medical centers in 38 states, as well as Franciscan St. Francis Health Indianapolis, Rochester Medical Group in the Detroit area and various health centers in Fort Wayne, Ind. An MIE subsidiary, NoMoreClipboard, was also compromised.
What was the response? MIE began notifying its clients of the breach on June 2 and any impacted patients for whom the company has a mailing address will receive a notification in the mail. MIE has reported the incident to law enforcement and plans to notify state and federal regulators. The company is offering free credit monitoring and identity protection services for two years.
Quote: “Medical Informatics Engineering's team, including independent third-party forensics experts, has been working continuously to investigate the attack and enhance data security and protection.”
Source: mieweb.com, “Medical Informatics Engineering notifies individuals of a data security compromise,” June 10, 2015.