Release date: 5/23/2019
(RALEIGH) Attorney General Josh Stein today announced that North Carolina and 15 other states have reached a $900,000 settlement with Medical Informatics Engineering, Inc. in the first multistate lawsuit involving a HIPAA-related data breach.
“MIE’s data breach put people’s personal information – especially sensitive details about their health – at risk,” said Attorney General Josh Stein. “My office will continue to hold businesses and individuals accountable when they fail to protect people’s personal data.”
The settlement resolves a December 2018 lawsuit alleging that Medical Informatics Engineering and a second company, NoMoreClipboard, LLC, collectively known as MIE, violated the Health Insurance Portability and Accountability Act (HIPAA), unfair and deceptive practice laws, notice of data breach statutes, and state personal information protection laws.
Between May 7, 2015, and May 26, 2015, hackers infiltrated WebChart, a web application run by MIE. The hackers stole the electronic Protected Health Information of more than 3.9 million individuals. This data included individual names, telephone numbers, mailing addresses, usernames, hashed passwords, security questions and answers, spousal information (name and potentially dates of birth), email addresses, dates of birth, Social Security numbers, lab results, health insurance policy information, diagnoses, disability codes, doctors’ names, medical conditions, and children’s names and birth statistics.
Attorney General Stein is joined in reaching today’s settlement by the Attorneys General of Indiana, Arizona, Arkansas, Connecticut, Florida, Iowa, Kansas, Kentucky, Louisiana, Michigan, Minnesota, Nebraska, Tennessee, West Virginia, and Wisconsin.
A copy of the consent judgment is available here.
Contact:
Laura Brewer (919) 716-6484
###