DataBreaches.Net


Update on Medical Informatics Engineering breach (update3)

Posted on July 24, 2015 by Dissent

I’ve previously reported on the breach at Medical Informatics Engineering that affected a number of their Medical Informatics Engineering and NoMoreClipboard clients.

Today, they provided an update on the breach. Much of it is a rehash of the previous notification, but there are some additional details on the types of information compromised:

The affected data relating to individuals affiliated with affected Medical Informatics Engineering clients may include an individual’s name, telephone number, mailing address, username, hashed password, security question and answer, spousal information (name and potentially date of birth), email address, date of birth, Social Security number, lab results, health insurance policy information, diagnosis, disability code, doctor’s name, medical conditions, and child’s name and birth statistics. The affected data relating to individuals who used a NoMoreClipboard portal/personal health record may include an individual’s name, home address, Social Security number, username, hashed password, spousal information (name and potentially date of birth), security question and answer, email address, date of birth, health information, and health insurance policy information.

Individuals who are affected should have received letters or will be receiving them shortly if the vendor has a valid postal address for you:

Notification

On June 2, 2015, we began contacting and mailing notice letters disclosing this incident to affected NoMoreClipboard and Medical Informatics Engineering clients.

On July 17, 2015, we began mailing notice letters to affected individuals for whom we have a valid postal address through U.S. mail, and we expect those letters to be mailed on or before July 25, 2015. Information contained in the notice letter is available at www.mieweb.com and www.NoMoreClipboard.com. We have also disclosed this incident to certain state and federal regulators and to the consumer reporting agencies.

As noted previously, the firm is offering two years of credit monitoring and identity theft protection services.

The incident is still not up on HHS’s public breach tool, so we don’t have a total number affected yet.

Update July 25: Expect to see even more media coverage now that letters are starting to hit. Today, for example, I saw this report on Hutchinson Regional Medical Center in Kansas and this one on Margaret Mary Community Hospital in Indiana.

Update July 28: Medical Informatics’ correspondence with the New Hampshire Attorney General’s Office can be found here.

Update July 30: Now this is smart: Franciscan Alliance, hearing that their patients were having hassles with the phone hotline and the Experian sign-up, posted something on their site specifically for their patients to tell them how to sign up successfully and to tell them that they had already spoken with the hotline about adding more operators to handle all the calls. They also provided their own FAQ to make sure patients understood how and why MIE had their information.

Even though MIE is doing the notifications, staying on top of them to make sure that your patients are being assisted during this stressful time and experience is so important. Well done, Franciscan Alliance.

Category: Business Sector, Health Data, Of Note, Subcontractor, U.S.


37 thoughts on “Update on Medical Informatics Engineering breach (update3)”

  1. Anonymous says:
    July 27, 2015 at 5:16 pm

    I will not disclose my name and or email address inasmuch my health care providers apparently have not been affected, or, you have omitted to list them. It goes without saying that I will not list them, I will pursue a separate avenue of investigation that I have employed successfully in the past. If you feel that our data has been compromised, you may wish to communicate the last two digits of my SSN, and the same for my home address: This system has been most successful to ferret out perpetrators, or, negate the sordid threat of having been hacked. I have communicated your letter to the hospital that we have used without any problems, they will challenge local authorities to followup. For your info I am an international consultant, specialized in such type of investigations.

    1. Also Anonymous says:
      July 29, 2015 at 10:15 am

      You idiots! You recruit a EXPERIAN? They try calling their “we’re here for you” telephone number, 866-579-4461. “We are experiencing higher than normal calls at this time. Please call later or on another day” CLICK!

      You SUCK MIE. I’ve wasted an hour on their stupid login. The system dumps you out and then you have to start all over. Your stupid letter is from an entity that we don’t have any business with. You bury the affected business name deep in your communication, and then say you are passing our ‘safety’ off to Experian, and then provide a link to yet another website, which says they are an affiliated company of Experian. So far I see that you have involved 5 entities. Too many names. The interface is of the style that you saw 10 or 15 years ago. Experian Sucks, and you suck for hiring them.

      1. Dissent says:
        July 29, 2015 at 7:20 pm

        There’s a lot of frustration and anger out there now…

  2. Anonymous says:
    July 29, 2015 at 4:32 am

    Why and how does MIE have my info? Live out west and rarely visit doctors–dentist and eyes in last year and half. I’m confused and concerned. Also, followed directions to enroll in Protectmyid to no avail. What the h&^%!?

    1. Dissent says:
      July 29, 2015 at 7:56 am

      Read George Jenkin’s post on his experience trying to find out how they got his wife’s information. George also has a complete list of MIE/NoMoreClipboard clients who were affected. If you look at that list, maybe you’ll recognize a provider you used at some point?

      You can also call their hotline and ask them how MIE/NMC got your information.

      I’m not sure about the problems you had enrolling in ProtectMyID. That site is not maintained by MIE, but by Experian. If you’re having trouble with that site, contact them.

      1. Anonymous says:
        July 29, 2015 at 1:20 pm

        My info was hacked. Called MIE’s “hotline”. Took 4 tries to reach a representative. Was told that they had “all of it” when I asked specifically what medical data was hacked. Good that MIE is offering 2 years’ coverage through Experian, but it does not insure against fraudulent billing on other activity involving ALL of my health care information. Creepy……

        1. Dissent says:
          July 29, 2015 at 7:19 pm

          You raise an excellent point. You need to remain vigilant by checking your EOB statements from your insurer if your insurance number was involved in the breach at all.

      2. Dana says:
        July 29, 2015 at 3:38 pm

        Thank you, Dissent. You’ve provided me with great information and a path to follow (and nope, did not recognize any of the providers on that inclusive list). I’m thinking Experian may not be that viable of an option at this point. Finally, may I just add that I like and admire your style.

        1. Dissent says:
          July 29, 2015 at 7:16 pm

          You’re very welcome. If the Experian service doesn’t cost you anything, you might want to consider it if your SSN or identity info were involved.

      3. Not Disclosed says:
        July 30, 2015 at 12:38 pm

        The letter I received yesterday does not mention anything about PHI being compromised. Yet, if what is being reported in this blog is true, then the company is in gross violation of HIPAA. They are required to spell out in detail types of information that was disclosed. My letter states my “SSN, Birth Date, Address, Phone, and e-mail” How is that anyway close to what was really taken???? !!!!!!!!!

        1. Dissent says:
          July 30, 2015 at 12:47 pm

          The type of information involved varies by individual and client. It’s the client who determines what kind of info MIE/NMC was storing for them.

          If MIE/NMC had your health information caught up in the breach, they would disclose that in your individualized notification. Other people are getting letters that list different types of info for them.

          Having the SSN is bad enough for you to take this all seriously and take steps to protect yourself.

  3. Ugh says:
    July 29, 2015 at 7:47 am

    Ah, the joys of “cloud” based computing. It’s always a great idea to stick extremely personal data on systems that have an attack surface of the moon.

  4. Brian Scraggs says:
    July 29, 2015 at 1:46 pm

    have received the letter with the code and the engagement code to activate the free credit monitoring. The problem is that neither one of the codes works at protect my id. The phone numbers that you need to call are robo answering machines that keep you going on an endless loop and will not provide you with the service promised. What service are they providing?

    1. Dissent says:
      July 29, 2015 at 7:18 pm

      Their phone lines are probably overloaded. This happens in massive breaches where everyone gets notified at around the same time. Wait a few days and try again if you can’t get through. In the meantime, consider putting an alert or freeze on your credit report if you don’t anticipate needing to open any new accounts in the near future.

    2. joe says:
      August 2, 2015 at 1:22 pm

      after calling 5 different phone numbers for an hour I finally got a real person after being put on hold numerous times I got a new activation number and confirming I was on the correct page they had me try again but it said the number was not valid now tell me to try later or call another and set it up over the phone the number still don’t work and its back to calling and trying to get thru before my phone battery goes dead

      1. Dissent says:
        August 2, 2015 at 5:40 pm

        I don’t want to invade your privacy, but if you’re a patient of Franciscan Alliance, they’ve set up a second phone number for their patients to get help and assistance from Experian. If you’re one of their patients, see this notice for the phone number: http://www.franciscanalliance.org/miebreachfaq/pages/default.aspx

  5. Ivan says:
    July 29, 2015 at 5:23 pm

    OK, this is the second data breach letter I have gotten in the last 6 months.
    I work in the IT business and yes for healthcare as well, so I know what the government requirements are to safeguard personal information.

    What I don’t get is why are the companies getting away with offering 2 years of protection as my SSN and birthday will never change in my lifetime.
    How can we request companies that deal with this kind of information to provide lifetime protection and have to budget that. It’s too easy for them getting away with lack of security. If you want to deal in that environment, you need to be able to protect all the data and be able to stand by it.

    1. Dissent says:
      July 29, 2015 at 7:15 pm

      I’ve argued (futilely) for years now that all companies should form a pool and provide all consumers ongoing protection and monitoring.

      Unfortunately, I do not rule the world.

      Yet.

      1. Dana says:
        July 29, 2015 at 9:48 pm

        Dissent (space, space, space) “Yet.” You crack me up! So you think I’d benefit if I enroll with Experian? Should I attempt to find out how/why MIE has my info or doesn’t that matter anymore…? I know my questions are rather simplistic, but I am not at all savvy with any of this breach/security/ID theft garbage and I appreciate any and all input very much.

        1. Dissent says:
          July 29, 2015 at 10:30 pm

          Yes, if you do not already have any credit monitoring protection, it would be good to take advantage of the free offer. You should also consider contacting one of the “Big 3” credit reporting companies (Equifax, Experian, TransUnion) and placing an alert on your credit report. Just tell them that you were notified your identity information was stolen. If you don’t need to open any new accounts soon, the alert will give you additional protection at no cost to you. That alert can be renewed every 90 days if you continue to fear you are at risk.

          See the FTC’s site and Privacy Rights Clearinghouse site for other tips on how to protect yourself.

          1. Dana says:
            July 29, 2015 at 10:48 pm

            Thank you yet again—You’re very good to me! And I shall heed your sensible and practical advice.

      2. Roger says:
        July 30, 2015 at 8:14 am

        You take this as a joke? Don’t rule world yet!! You guys compromise my info and get experian ( who also sells info ) to show me all the things “I” need to babysit for who knows how long. I would prefer a true identity theft company to babysit my cyber info that you have failed to protect. I feel that I do not have the time or knowledge to fully cover all my bases. How much should I charge you guys for the hours and stress I am going to incur during this matter? I am truly concerned and would appreciate your reply without an arrogant or smart… Answer.

        1. Dissent says:
          July 30, 2015 at 12:43 pm

          “You guys?” Who the hell do you think you’re talking to? I’m a data breach blogger, and I didn’t compromise your info or fail to protect it or do a damned thing to you other than to report on and comment on the breach. If you don’t like my humor or comments, go find another site or blog and post your comments there.

          1. Another Roger says:
            July 30, 2015 at 4:06 pm

            Well said. I appreciate your blog, even with the humor

          2. Anon2 says:
            August 1, 2015 at 2:55 pm

            I appreciate humor as much as the next person. But, I think right now is not really the time for that Dissent and feel it is a little unprofessional of you to tell others to go to another site. Now as for comments we are all entitled to an opinion even if people disagree with them but I do thank you for reporting on this and keeping us updated as well.

          3. Dissent says:
            August 1, 2015 at 4:56 pm

            No, I don’t think you really do appreciate humor as much as the next person if you’re suggesting that no one can laugh or make a self-deprecating joke while discussing a breach.

            Bottom line: this is a non-commercial site that I pay for and donate my time to as a resource for others. I don’t owe you or anyone else anything other than to try to report accurately on breaches. I don’t even have to allow comments under each post, but I do so to allow people to vent and to try to answer their questions if they don’t know what to do. And if I feel like cracking a joke or engaging in morbid humor at times, I will. And if my humor offends, then ignore it, or go elsewhere. It really is as simple as that.

            You’ve had your say, and I’ve allowed it, but this conversation is over.

        2. Debra Clark says:
          July 30, 2015 at 1:04 pm

          I have had lifelock for over a year now….it makes me feel MUCH more secure and is what you were saying you wanted. Just an fyi.

          1. Dissent says:
            July 30, 2015 at 2:42 pm

            You do know that LifeLock has been charged by the FTC for failing to live up to its promises, right? If you don’t know, see this post: http://www.databreaches.net/ftc-takes-action-against-lifelock-for-alleged-violations-of-2010-order/

  6. Suspicious says:
    July 29, 2015 at 6:42 pm

    Why do I have a strong sense that the goal here is to lead people to ‘free’ credit monitoring that will turn into charged renewals and developing targets for ongoing services? It seems fishy to me. Anyone else feel like MIE and the Security service companies are in this together?

    1. Dissent says:
      July 29, 2015 at 7:23 pm

      I’m pretty sure that MIE would prefer NOT to have to pay for the Experian service but are doing it to mitigate the harm done and possibly (likely) also for litigation defense. Using Experian after a breach is very common in this country.

      1. Suspicious says:
        July 30, 2015 at 9:30 am

        Yes, it is common… and who is making all the money? Experian and companies like them. Follow the money. We don’t know that the 2 years of free Experian wasn’t paid for as an investment by Experian. This also explains why someone who compromised your lifetime identity can get away with only 2 years free support offers.

  7. Jim says:
    July 29, 2015 at 9:32 pm

    Just received the letter and find it most disturbing. I have not been to a doctor or hospital in five years, live on the west coast, yet some little company in Indiana has all this information on me. What happened to HIPAA requirements on safeguarding my data. I want to understand, why they have my data, where they got it from, and why.

    1. Dissent says:
      July 29, 2015 at 10:26 pm

      They have your data because someone you did see either contracted with them directly or contracted with another contractor who then contracted with them. Under HIPAA, you have a right to request information as to whom your records have been disclosed to, but it sounds like you don’t know where to start. So you can call MIE’s “hotline” number on the letter and ask the representative where MIE got your info, and then start working backwards. Good luck!

      1. Jim says:
        July 29, 2015 at 10:51 pm

        Thanks for the information. Still don’t have an idea of where they got my information unless they got it from my employer, or employer’s insurance provider. If that is the case, we have 300,000 employees, Fortune 500 company… Thanks again…. Will call them tomorrow to find out why they have my data

    2. Dana says:
      July 29, 2015 at 10:56 pm

      Man-o-man, Jim—maybe we were separated at birth…! Live in the west, no doctor visits in forever and wondering how the hell I made it on a list in the Midwest and more importantly how do I extradite myself from this mess and avoid it in the future. Maybe we can update one another through these posts—-that is, should one of us actually manage to glean any pertinent info! All the best…

  8. Tim says:
    August 3, 2015 at 8:18 pm

    I just spoke with the MIE helpline and was told (after I complained about the 2 year coverage with Experian) that they would continue with free coverage for as long as an individual requested/renewed the service… I asked when they would make that bit of information public and the rep replied that she did not know, but that it was currently in their script… Anyone else hear about this?

    1. Dissent says:
      August 4, 2015 at 7:25 am

      That’s the first I’m hearing of that. I hope others also inquire and share the responses they get.
