Indiana medical firm sued by 12 states over data breach

A dozen states are suing an Indiana company over a data breach that compromised information of more than 3.9 million people.

The lawsuit was filed Monday against Fort Wayne-based Medical Informatics Engineering Inc. by Indiana, Arizona, Arkansas, Florida, Iowa, Kansas, Kentucky, Louisiana, Minnesota, Nebraska, North Carolina and Wisconsin.

According to the suit, hackers in 2015 stole protected health information from MIE, which provides web-based electronic health records services to medical providers. The hacked data included personal health information and identity information, such as addresses, telephone numbers and Social Security numbers.

The lawsuit alleges that MIE failed to implement industry-accepted data security measures to protect its computer system from hackers.

Swanson says patients "expect health companies to protect the privacy of their electronic health records."

MIE did not immediately return a request for comment Monday.

“We will always act to protect Hoosier consumers in cases such as this one,” Attorney General Hill said in a written statement about the lawsuit. “We make it our standard practice to pursue all penalties and remedies available under the law on behalf of our citizens, and we hope our proactive measures serve to motivate all companies doing business in Indiana to exercise the highest ethics and utmost diligence.”

Please enable JavaScript to view this content.

Editor's note: You can comment on IBJ stories by signing in to your IBJ account. If you have not registered, please sign up for a free account now. Please note our updated comment policy that will govern how comments are moderated.

{{ articles_remaining }}
Free {{ article_text }} Remaining
{{ articles_remaining }}
Free {{ article_text }} Remaining Article limit resets in {{ count_down }} days.