Chad Ryan | The Journal Gazette Lee Rottinghaus and her husband, Tim, have received notification from Medical Informatics Engineering stating that they were among the many customers of local medical agencies that contract with MIE who had their personal information compromised during a security breach in May.
Tuesday, March 15, 2016 11:59 pm
MIE faces second suit over hacking
Rebecca S. Green | The Journal Gazette
In less than a week, two groups of irritated and concerned patients who have found their data compromised in a security breach at a local medical information firm have sued the company in federal court.
On Tuesday, Rory Hill, Nicole Hill and Dawn McLaughlin sued Medical Informatics Engineering in the U.S. District Court in Fort Wayne, seeking class-action status in their lawsuit against the company.
Their lawsuit, filed on their behalf by Indianapolis law firm Price Waicukauski & Riley LLC, is the second against the company in the wake of a June announcement that hackers obtained sensitive medical and personal information stored by the Fort Wayne company.
The compromised data include patients’ names, Social Security numbers, birth dates, addresses and insurance information.
Last week, James Young filed the first suit, also in the U.S. District Court in Fort Wayne. He, too, sought class-action status for the lawsuit.
While Young filed the lawsuit using Indianapolis law firm Cohen & Malad LLP, in the week since the suit was filed, Fort Wayne law firm Haller & Colvin PC has signed on as local counsel, according to court records.
The lawsuits come after a May data breach at Medical Informatics Engineering and its personal health information management system, No More Clipboard. The health care information technology company reported the hack to the FBI on May 26 after staff alerted officials to an unusually high load on one of their computer servers.
And while the company recognized the attack as a severe one, the scope of it was not immediately known. Experts say nearly 4 million people are affected nationwide, including about 1.5 million Hoosiers. Hospitals and health networks, doctors and private practices affected are in several states.
In mid-July, medical consumers began receiving letters from the company, identifying which provider’s information was hacked and offering credit monitoring services.
The new lawsuit reads much the same as last week’s, accusing the company of negligence. The plaintiffs allege that MIE should have known the risks in collecting and storing such information and owed a duty to the plaintiffs to protect their data, according to court documents.
They allege that MIE failed to take steps to prevent and stop the data breach, failed to comply with industry standards for the safekeeping of such data and failed to properly implement technical systems or security practices, according to court documents.
"Given the risk involved and the amount of data at issue, MIE’s breach of its duties was entirely unreasonable," the attorneys wrote in the lawsuit.
Along with class-action status, the plaintiffs are seeking damages and expenses, according to court documents.