Medical Informatics Engineering notifies Patients of a Data Security Compromise

FORT WAYNE, Ind.--()--On behalf of itself and its affected clients, Medical Informatics Engineering is writing to provide notice of a data security compromise that has affected the security of some protected health information relating to certain patients affiliated with certain Medical Informatics Engineering clients. We emphasize that the patients of only certain clients of Medical Informatics Engineering were affected by this compromise and those clients have all been notified. Clients include: Concentra, Fort Wayne Neurological Center, Franciscan St. Francis Health Indianapolis, Gynecology Center, Inc. Fort Wayne, and Rochester Medical Group.

On May 26, 2015, Medical Informatics Engineering discovered suspicious activity relating to one of its servers. Medical Informatics Engineering immediately began an investigation to identify and remediate any identified security vulnerability. Medical Informatics Engineering’s team, including independent third-party forensics experts, has been working continuously to investigate the attack and enhance data security and protection. On May 26, 2015, Medical Informatics Engineering also reported this incident to law enforcement including the FBI Cyber Squad. Law enforcement is actively investigating this matter, and Medical Informatics Engineering is cooperating with law enforcement’s investigation. Medical Informatics Engineering’s forensic investigation indicates the unauthorized access to our network began on May 7, 2015. The investigation indicates this is a sophisticated cyber attack.

Compromised information

While investigations into this incident are ongoing, Medical Informatics Engineering determined the security of some protected health information contained on Medical Informatics Engineering’s network has been affected. The protected health information affected by this incident relates to patients affiliated with certain Medical Informatics Engineering clients identified above and may include the patient’s name, mailing address, email address, date of birth, and for some patients a social security number, lab results, dictated reports, and medical conditions. No financial or credit card information has been compromised, as we do not collect or store this information.

Medical Informatics Engineering also determined that this cyber attack compromised protected health information for its NoMoreClipboard subsidiary. Separate notice is being issued for affected clients and patients associated with NoMoreClipboard.

Notification

On June 2, 2015, Medical Informatics Engineering began contacting and mailing notice letters disclosing this incident to affected Medical Informatics Engineering clients.

Affected patients for whom Medical Informatics Engineering has a valid postal address will be notified of this incident through U.S. mail. The same information contained in the notice letter will also be available at the Medical Informatics Engineering website – www.mieweb.com. Medical Informatics Engineering will also be disclosing this incident to certain state and federal regulators.

Identity protection services

As the investigations continue, and out of an abundance of caution, Medical Informatics Engineering is offering credit monitoring and identity protection services to affected patients, free of charge, for the next 24 months.

Medical Informatics Engineering has established a toll-free call center to answer questions relating to this data security event and the support and services being provided.

Fraud prevention tips

Medical Informatics Engineering suggests that affected patients remain vigilant and seek to protect against possible identity theft or other financial loss by reviewing account statements, notifying their credit card companies, healthcare providers, and insurers of the data compromise, and monitoring their credit reports. Affected patients may also review Explanation of Benefits statements for irregularities. If an individual does not receive regular Explanation of Benefits statements, he or she can contact his or her health plan and request them to send such statements following the provision of services.

Under U.S. law, patients are entitled to one free credit report annually from each of the three major credit bureaus. To obtain a free credit report, visit www.annualcreditreport.com or call, toll-free, (877) 322-8228.

At no charge, potentially affected patients can also have these credit bureaus place a "fraud alert" on their files that alerts creditors to take additional steps to verify their identity prior to granting credit in their names. Please note, however, that because it tells creditors to follow certain procedures to protect the individual’s credit, it may also delay the ability to obtain credit while the agency verifies the individual’s identity. As soon as one credit bureau confirms an individual’s fraud alert, the others are notified to place fraud alerts on that individual’s file. Any individual wishing to place a fraud alert, or who has questions regarding their credit report, can contact any one of the following agencies: Equifax, P.O. Box 105069, Atlanta, GA 30348-5069, 800-525-6285, www.equifax.com; Experian, P.O. Box 2002, Allen, TX 75013, 888-397-3742, www.experian.com; or TransUnion, P.O. Box 2000, Chester, PA 19022-2000, 800-680-7289, www.transunion.com. Information regarding security freezes may also be obtained from these sources.

The Federal Trade Commission (FTC) also encourages those who discover that their information has been misused to file a complaint with them. To file a complaint with the FTC, or to obtain additional information on identity theft and the steps that can be taken to avoid identity theft, the FTC can be reached at: 600 Pennsylvania Avenue NW, Washington, D.C. 20580, or at www.ftc.gov/idtheft, or (877) ID-THEFT (877-438-4338); TTY: (866) 653-4261. This notice has not been delayed because of law enforcement; however, instances of known or suspected identity theft should be reported to law enforcement, the Attorney General in the individual’s state of residence, and the FTC. State Attorneys General may also have advice on preventing identity theft. Patients can also learn more about placing a fraud alert or security freeze on their credit files by contacting the FTC or their state's Attorney General. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001, (919) 716-6400, www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202, (888) 743-0023, www.oag.state.md.us. For Kentucky residents, the Attorney General can be contacted at 700 Capitol Avenue, Suite 118, Frankfort, Kentucky 40601-3449, 502-696-5389, www.ag.ky.gov.

Toll-free hotline

To better assist those who may potentially have been affected, Medical Informatics Engineering has established a confidential, toll-free hotline to answer questions. This hotline is available Monday through Friday, 9:00 a.m. to 9:00 p.m. E.T., and can be reached at (866) 328-1987. Affected patients can also visit www.mieweb.com for additional information and updates.

We take the security of health information very seriously and understand that such incidents cause real concern. We apologize sincerely and thank our customers for their continued loyalty and patience as we work through this challenge.

4814-1027-1524.1

Contacts

for Medical Informatics Engineering
Melanie Thomas, 202-390-7887
mthomas@informtheagency.com

Release Summary

MIE CYBERSECURITY EVENT NOTICE

Contacts

for Medical Informatics Engineering
Melanie Thomas, 202-390-7887
mthomas@informtheagency.com