Attorney General Curtis Hill announced this week that a U.S. district court judge has signed a consent judgment negotiated between 16 state attorneys general and a Fort Wayne web-based electronic health records company that allegedly sustained a data breach compromising the data of more than 3.9 million people.
In December of 2018, Indiana led a multistate lawsuit against the company – Medical Informatics Engineering Inc. and NoMoreClipboard LLC (collectively “MIE”). This case was the nation’s first-ever multistate lawsuit involving a HIPAA-related data breach.
With the signing of the consent judgment, the 16 States will receive $900,000 in payments due to the defendants’ conduct. Indiana’s share is $174,745.29.
The lawsuit resolved allegations that MIE violated provisions of the Health Insurance Portability and Accountability Act (“HIPAA”) as well as state claims including Unfair and Deceptive Practice laws, Notice of Data Breach statutes, and state Personal Information Protection Acts. Attorney
Between May 7, 2015, and May 26, 2015, hackers infiltrated WebChart, a web application run by MIE. The hackers stole the electronic Protected Health Information (“ePHI”) of more than 3.9 million individuals
General Hill stated that MIE has cooperated with his office from the very beginning of the investigation into the hacking incident.