Release date: 12/5/2018
(RALEIGH) Attorney General Josh Stein today announced that he has filed a complaint in the U.S. District Court for the Northern District of Indiana against Medical Informatics Engineering, Inc. (MIE) and NoMoreClipboard, LLC, a web-based electronic health record company headquartered in Fort Wayne, Indiana. The complaint alleges the company violated provisions of the Health Insurance Portability and Accountability Act (HIPAA) as well as unfair and deceptive practice laws, notice of data breach statute, and personal information protection laws. “Last year, more than 5.3 million North Carolinians were estimated to have been affected by a data breach,” said Attorney General Stein. “I expect this year’s number will also be troubling. We must do better at protecting people’s personal information – particularly health and other sensitive information.”
Between May 7, 2015, and May 26, 2015, hackers infiltrated WebChart, a web application run by MIE. The hackers stole more than 3.9 million individuals’ protected health information, including approximately 46,760 North Carolinians. Data at risk included names, telephone numbers, mailing addresses, usernames, hashed passwords, security questions and answers, spousal information (name and potentially date of birth), email addresses, dates of birth, Social Security numbers, lab results, health insurance policy information, diagnoses, disability codes, doctors’ names, medical conditions, and children’s name and birth statistics.
Attorney General Stein is joined by 11 other states and commonwealths in this action. This filing marks the first time state attorneys general have joined together to pursue a HIPAA-related data breach case in federal court.
Laura Brewer (919) 716-6484