PHOENIX -- Attorney General Mark Brnovich announced that he, along with Attorneys General from 11 other states and commonwealths, has filed a Complaint in the U.S. District Court for the Northern District of Indiana against Medical Informatics Engineering, Inc. and NoMoreClipboard, LLC (collectively “MIE”), a web-based electronic health record company headquartered in Fort Wayne, Indiana.
Today’s filing marks the first time state Attorneys General have joined together to pursue a HIPAA-related multistate data breach case in federal court.
The Complaint alleges the company violated provisions of the Health Insurance Portability and Accountability Act (“HIPAA”) as well as state claims including Unfair and Deceptive Practice laws, Notice of Data Breach statutes, and state Personal Information Protection Acts.
According to the Complaint, between May 7, 2015, and May 26, 2015, hackers infiltrated WebChart, a web application run by MIE. The hackers purportedly stole the electronic Protected Health Information (“ePHI”) of more than 3.9 million individuals, including names, telephone numbers, mailing addresses, usernames, hashed passwords, security questions and answers, spousal information (name and potentially date of birth), email addresses, dates of birth, Social Security numbers, lab results, health insurance policy information, diagnoses, disability codes, doctors’ names, medical conditions, and children’s names and birth statistics.