A medical software company is notifying patients of the health care providers it serves—including Franciscan St. Francis Health in Indianapolis—that their private information may have been exposed when its networks were hacked, it said Wednesday.
Fort Wayne-based Medical Informatics Engineering said the attack on its main network and its NoMoreClipboard network began May 7 and wasn't detected until May 26. The exposed information includes names, addresses, birthdates, Social Security numbers and health records, it said.
Chief Operating Officer Eric Jones said in a telephone interview the number of affected patients has not been determined and he declined to speculate how many there might be.
In addition to Franciscan St. Francis, the company's clients include Texas-based Concentra, which operated more than 300 medical centers in 38 states, and Rochester Medical Group in the Detroit area. Other clients include Fort Wayne Neurological Center and Gynecology Center Inc. Fort Wayne.
MIE said it is offering credit monitoring and identity protection services to affected individuals, without charge, for the next 24 months. The company also created a toll-free call center at 866-328-1987 to answer questions about the attack and the support and services being provided.
The company said it is also working with a team of information technology security experts to enhance data security and protection.
FBI spokesman Joshua Campbell said in a written statement that "FBI cyber investigators are working to identify the nature and scope" of the attack.
"Individuals contacted by the company should take steps to monitor and safeguard their personally identifiable information, and report any suspected instances of identity theft to the FBI's Internet Crime Complaint Center at www.ic3.gov," the statement said.
MIE creates web-based software applications for health care providers for electronic medical records and personal health care records.