Medical Informatics Engineering

Medical Informatics Engineering (MIE), a medical software company in Fort Wayne, Indiana, announced on June 10, 2015 that its main network and its NoMoreClipboard network had been breached in a cyber attack on May 7, 2015, and that the breach was not detected until May 26, 2015.

In a statement to its customers, MIE disclosed that on May 26, 2015 it became aware of suspicious activity on one of its main servers and immediately began investigating. The company’s main goal was to identify the security vulnerabilities and rectify them in order to safeguard patient information. Medical Informatics Engineering brought in a third-party cyber security firm to work with its internal team to investigate the attack and determine which areas of cyber security needed to be enhanced to prevent further breaches. The statement also mentioned that MIE had reported the incident to the FBI’s cyber squad for investigation.

The investigation found that although the breach began on May 7, 2015, MIE’s monitoring systems did not begin to detect the unauthorized access until May 26, 2015. The MIE breach was discovered relatively quickly compared with other major healthcare records breaches such as Premera or BlueCross BlueShield, which went on for months or even years in some cases before being discovered. And while the discovery and eradication of the cyber intruders was rapid, it came only after the criminals had accessed the personal data of approximately 3.9 million individuals, which included:

  • Names
  • Date of birth
  • Social Security number
  • Addresses
  • E-mail addresses
  • Telephone numbers
  • Username
  • Hashed password
  • Security question and answer
  • Spousal information including date of birth
  • Health insurance policy numbers and information
  • Diagnosis
  • Lab results
  • Disability code
  • Treating physician’s name
  • Medical conditions
  • Child or children’s names and birthdates

Because of the serious nature of the attack and the breadth of the data breached, Medical Informatics Engineering offered two years of free credit monitoring and identity protection services to all those who were affected. This includes patients’ children who are 18 years of age and those under 18 who can be registered for the free services by their parent or guardian. In its notification statement, MIE advises individuals on how they can avoid identity theft and fraud and provides numerous resource links to help people navigate the difficulties this breach may cause them.

In June 2015, Medical Informatics Engineering began contacting its clients individually to inform them of the seriousness of the data breach. On July 17, 2015 the company began mailing notification letters to individuals affected by the breach, as required by state and federal laws. MIE was also required by law to report the incident to consumer credit reporting agencies and to state and federal regulators.

Healthcare providers that are clients of MIE and may have been compromised include:

  • Concentra
  • Allied Physicians, Inc. d/b/a Fort Wayne Neurological Center
  • Franciscan St. Francis Health Indianapolis
  • Gynecology Center, Inc. Fort Wayne
  • Rochester Medical Group
  • RediMed
  • Fort Wayne Radiology Association, LLC d/b/a Nuvena Vein Center and Dexa Diagnostics
  • Open View MRI, LLC
  • Breast Diagnostic Center, LLC
  • P.E.T. Imaging Services, LLC
  • M.R.I. Center, Fort Wayne Radiology, Inc. (f/k/a Advanced Imaging Systems, Inc.)

The following information was taken directly from MIE’s statement on their website:

Individuals who received services from Fort Wayne Radiology Association, Open View, Breast Diagnostic Center, PET Imaging or MRI Center during the period of time from January 1, 1997 to May 26, 2015 may be affected. The database relating to these healthcare providers was accessed on May 26, 2015. Individuals may also visit the providers’ websites, which may be accessed at www.fwradiology.com, for information on this incident. Affected individuals may include, along with potential others, individuals who received radiology services during this time at any of the organizations identified below:

  • Accustat Medical Lab, Inc. (Indianapolis, IN)
  • Allergy & Asthma Center (Fort Wayne, IN)
  • Associated Physicians & Surgeons Clinic, LLC (Terre Haute, IN)
  • Ball Memorial Hospital (Muncie, IN)
  • Bedford Regional Medical Center (Bedford, IN)
  • Cameron Memorial Community Hospital (Angola, IN)
  • Central Indiana Orthopedics, PC (Muncie, IN)
  • Community Memorial Hospital (Hicksville, OH)
  • Ear, Nose & Throat Associates (Fort Wayne, IN)
  • Family Medicine Associates, Jerry Sell, M.D. (Rockford, OH)
  • First Care Family Physicians (Fort Wayne, IN)
  • Fort Wayne Medical Oncology & Hematology (Fort Wayne, IN)
  • Gary Pitts, M.D. (Warsaw, IN)
  • Indiana Urgent Care Centers, LLC (Indianapolis, IN)
  • Indiana University Health Center (Bloomington, IN)
  • Jasper County Hospital (Rensselaer, IN)
  • Manchester Family Physicians (North Manchester, IN)
  • MedCorp (Toledo, OH)
  • Meridian Health Group (Carmel, IN)
  • Nationwide Mobile Imaging (Fort Wayne, IN)
  • Neighborhood Health Clinic (Fort Wayne, IN)
  • Orthopedics Northeast (Fort Wayne, IN)
  • Parkview Regional Medical Center (Fort Wayne, IN)
  • Parkview Hospital (Fort Wayne, IN)
  • Parkview Ortho Hospital (Fort Wayne, IN)
  • Parkview Heart Institute (Fort Wayne, IN)
  • Parkview Women & Children’s Hospital (Fort Wayne, IN)
  • Parkview Noble Hospital (Kendallville, IN)
  • Parkview Huntington Hospital (Huntington, IN)
  • Parkview Whitley Hospital (Columbia City, IN)
  • Parkview LaGrange Hospital (LaGrange, IN)
  • Parkview Physicians Group
  • Parkview Occupational Health Centers
  • Paulding County Hospital (Paulding, OH)
  • Prompt Care Express (Coldwater, MI; Sturgis, MI)
  • Public Safety Medical Services (Indianapolis, IN)
  • Purdue University Health Center (W. Lafayette, IN)
  • Southwestern Medical Clinics (Berrien Springs, MI)
  • Tri-State Medical Imaging (Angola, Indiana)
  • Union Associated Physicians Clinic (Terre Haute, IN)
  • U.S. Healthworks Medical Group of Indiana (Elkhart, IN)
  • Van Wert County Hospital (Van Wert, OH)
  • Wabash County Hospital (Wabash, IN)
  • Wabash Family Care (Wabash, IN)

We take the security of health information very seriously and understand that such incidents cause real concern. We apologize sincerely and thank our customers for their continued loyalty and patience as we work through this challenge.

Additional Resources About This Breach:

http://wane.com/2015/07/28/software-company-sends-letters-to-people-impacted-by-security-breach/

http://www.databreaches.net/medical-informatics-engineering-hacked-patient-info-involved/

http://www.nbcnews.com/tech/security/medical-informatics-engineering-hack-exposed-data-3-9-million-people-n403351

https://www.mieweb.com/notice/
