Abigail Ruhman reports:
Indiana Attorney General Todd Rokita is suing a northwest Indiana medical office over a ransomware event that put personal and protected health information at risk. The lawsuit alleges the provider was aware of security concerns before the data breach.
The lawsuit filed last week against CarePointe — an ear, nose, throat, sinus and hearing provider — claims it was aware of security risks prior to a ransomware event in 2021 that exposed the information of about 45,000 Indiana patients.
The lawsuit said an IT vendor identified security concerns in a written HIPAA risk assessment in January that year. That vendor was hired in March to address the issues, but they weren’t fixed before the data breach in June.
Read more at wvxu.