by
Thomas Dworetzky, Contributing Reporter | August 07, 2015
A pair of lawsuits in a massive Indiana health care records hacking case is just the latest turmoil for health care providers facing an ongoing onslaught of black-hat thieves targeting the rich lode of EHR data.
The suits, filed in federal court, seek class action status over a digital break-in that exposed the private information of 3.9 million people's data, which was compromised by Medical Informatics Engineering, through its NoMoreClipboard subsidiary, and discovered in May,
according to the firm.
The compromised information includes patients' names, Social Security numbers, birth dates and addresses,
the Journal Gazette of Fort Wayne reported.
The company contacted the FBI's cyber unit in May and began reaching out to patients in mid-July. It also offered those potentially impacted credit monitoring services.
The data breach hit several health care providers, including: Concentra; Fort Wayne Neurological Center; Franciscan St. Francis Health in Indianapolis; Gynecology Center Inc. in Fort Wayne; Rochester Medical Group; RediMed; Fort Wayne Radiology Association LLC, including Nuvena Vein Center and Dexa Diagnostics; Open View MRI LLC; Breast Diagnostic Center LLC; P.E.T. Imaging Services LLC; and MRI Center-Fort Wayne Radiology Inc.,
according to MIE.
But to one plaintiff attorney, Richard Shevitz,
told ABC's RTV 6 in Indianapolis, "The monitoring needs to go on for many, many years. The dangers and risk of exposure and hacking like this can cause even young children to experience identity theft scenarios when they reach adulthood."
The first lawsuit was filed last week by one patient, James Young. The second was filed Tuesday by Rory Hill, Nicole Hill and Dawn McLaughlin. Both suits seek class action status for all patients whose records where involved in the breach,
according to the Fort Wayne Journal-Gazette.
The lawsuits accuse the company of negligence, alleging that Medical Informatics Engineering did not take sufficient action to block the data breach, didn't adhere to industry standards for protecting data, and also neglected to correctly employ systems or security sufficient to provide protections, according to court documents.
