DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Medical Informatics sued by multiple states over 2015 breach

Posted on December 4, 2018 by Dissent

A 2015 hack of Medical Informatics stayed in the headlines for quite a while because it compromised the data, including health information, of 3.9 million people.  In addition to suits filed by consumers, state attorneys general have also sued the business associate, as Dave Gong reports:

Fort Wayne-based Medical Informatics Engineering Inc. failed to secure their computer systems, resulting in a data breach, which compromised the data of more than 3.9 million people, a 12-state lawsuit filed by Indiana Attorney General Curtis Hill alleges.

[…]

Other states involved in the litigation are Arizona, Arkansas, Florida, Iowa, Kansas, Kentucky, Louisiana, Minnesota, Nebraska, North Carolina and Wisconsin. Indiana’s portion was filed in the U.S. District Court for the Northern District of Indiana.

When looking at the claims, keep in mind 2015 standards.

“Defendants failed to implement basic industry-accepted data security measures to protect individuals’ health information from unauthorized access,” the lawsuit states. “Defendants set up a generic ‘tester’ account called ‘testing’ with a shared password of ‘testing.’ In addition to being easily guessed, these generic accounts did not require a unique user identification and password in order to gain remote access.”

According to the lawsuit, the company did not put in place an active security system to alert employees to possible hacking attempts. Additionally, the lawsuit contends that the company did not encrypt sensitive personal information within its own computer system, “a protection that, had it been employed, would have rendered the data unusable.”

Curiously, perhaps, the HHS breach tool lists the Medical Informatics breach under archived incidents or incidents older than 24 months, but they show no web description or outcome of any investigation.  Assuming for now that they even opened an investigation into this incident, is this still under investigation by HHS?

Read more on The Journal Gazette.

Related posts:

  • Update on Medical Informatics Engineering breach (update3)
Category: Health DataSubcontractorU.S.

Post navigation

← Caribbean Island Properties “pillaged” by TheDarkOverlord
Over 20,000 PCs infected with new ransomware strain in China →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.