Dedicated to providing the latest
HIPAA compliance news

New Information Released on Medical Informatics Engineering Data Breach

Share this article on:

Back in June we reported on a data breach that affected clients of NoMoreClipboard, although at the time few details were made available. This week, further information was released on the security breach.

The latest announcement does not add a great deal of new information. The data fields exposed in the breach have now been confirmed, and an updated list of NoMoreClipboard clients affected has also been announced.

Hackers Gained Access to Data for 19 Days – 239 Clients Affected

 

NoMoreClipboard runs MyKSHealth eRecord, which was infiltrated by hackers on May 7, 2015. Access to the records continued for 19 days until May 26, when the breach was discovered and access to the database was shut down.

The data understood to have been exposed in the incident includes patient names, addresses, email addresses, dates of birth, Social Security numbers, usernames, hashed passwords, security questions and answers, spouse names, in some cases, spouses’ dates of birth. Health information and health insurance details were also exposed.

Some healthcare providers have started issuing announcements alerting patients to the breach. Hutchinson Regional Medical Center in Kansas and Margaret Mary Community Hospital in Indiana have already announced that some of their patients have been affected, as has Concentra.

The total number of victims has now been confirmed as 3.9 million, according to the Department of Health and Human Services’ Office for Civil Rights website. Concentra also announced approximately 10,000 of its patients have been affected. Concentra is just one of many healthcare providers that Medical Informatics Engineering counts among its clients. Numerous other healthcare providers are expected to issue similar announcements in the coming days.

It has just taken some time for full details of the breach to be announced, as the investigation has taken some time. That investigation is still ongoing; however breach notification letters have now been sent to affected individuals. The first of the letters were sent to affected individuals on June 2, 2015. The majority of breach victims should now have received notification letters, provided they supplied a valid postal address.

Breach Notification Letters Have now Been Sent to Affected Individuals

 

In a press release issued on Thursday, NoMoreClipboard said “On June 2, 2015, we began contacting and mailing notice letters disclosing this incident to affected NoMoreClipboard and Medical Informatics Engineering clients.” It went on to say, “On July 17, 2015, we began mailing notice letters to affected individuals for whom we have a valid postal address through U.S. mail, and we expect those letters to be mailed on or before July 25, 2015.”

All individuals affected by the breach are being issued with 2 years of credit monitoring and protection services without charge. These services are being offered “out of an abundance of caution,” however victims should note that there is a considerable risk of the data being used to commit fraud. The data fields exposed would allow a criminal to defraud victims in a number of different ways. Identities could be stolen, false tax returns filed, credit obtained in victims’ names and bogus insurance claims could be filed. It is therefore imperative that victims sign up for the credit monitoring services being provided, place alerts with each of the credit monitoring agencies, and check Explanation of Benefits statements carefully for signs of fraudulent activity.

It has taken almost two months for breach notification letters to be issued; although this has happened within the timescale allowed by the Health Insurance Portability and Accountability Act (HIPAA). The data breach was highly sophisticated in nature. Because of the complexity of the attack, and the volume of clients affected, the breach response has taken some time to orchestrate.

The full list of affected clients has now been issued, which include the following 239 healthcare providers:

 

Accustat Medical Lab, Inc, IN Highgate Clinic Parkview Huntington Hospital, IN
Advanced Cardiac Care Hobart Family Medical Clinic Parkview LaGrange Hospital, IN
Advanced Foot Specialists Howard Stierwalt, M.D. Parkview Noble Hospital, IN
All About Childrens Pediatric Partners, PC Howard University Hospital Parkview Occupational Health Centers
Allen County Dept of Health Hudson Essex Nephrology Parkview Ortho Hospital, IN
Allergy & Asthma Center, IN Huntington Medical Associates Parkview Physicians Group
Allied Physicians, Inc. d/b/a Fort Wayne Neurological Center Huntington Medical Group Parkview Regional Medical Center, IN
Altagracia Medical Center Hutchinson Regional Medical Center Parkview Whitley Hospital, IN
Anderson Family Medicine Idaho Sports Medicine Institute Parkview Women & Children’s Hospital, IN
Arkansas Otolaryngology, P.A. In Step Foot & Ankle Specialists Parrott Medical Clinic
Associated Physicians & Surgeons Clinic, LLC, IN Independence Rehabilitation Inc Partners In Family Care
Auburn Cardiology Associates Indiana Endocrine Specialists Paulding County Hospital, OH
Ball Memorial Hospital, IN Indiana Internal Medicine Consultants Personalized Health Care Of Tucson
Basedow Family Clinic Inc. Indiana Ohio Heart Phillips County Hospital
Bastrop Medical Clinic Indiana Surgical Specialists Physical Medicine Consultants
Batish Family Medicine Indiana University Physicians of North Worchester County
Beaver Medical Indiana University Health Center Practice Associates of Huntington
Bedford Regional Medical Center, IN Indiana University Health Center, IN Precision Weight Loss Center
Boston Podiatry Services PC Indiana Urgent Care Centers, LLC, IN Primary & Alternative Medical Center
Brian Griner M.D. Indianapolis Gastroenterology and Hepatology Prince George’s County Health Department
Brightstarts Pediatrics Internal Medicine Associates Prompt Care Express, MI
Burnsville Medical Center IU – Northwest Public Safety Medical Services, IN
Cameron Memorial Community Hospital, IN Jackson Neurolosurgery Clinic Purdue University Health Center, IN
Capital Rehabilitation James E. Hunt, MD Rebecca J. Kurth M.D.
Cardiology Jasmine K. Leong MD Relief Center
Cardiovascular Consultants of Kansas Jasper County Hospital, IN Republic County Hospital
Carl Gustafson OD Jewell County Hospital Ricardo S. Lemos MD
Carolina Gastroenterology John Hiestand, M.D. Richard A. Stone M.D.
Carolina Kidney & Hypertension Center Jonathan F. Diller, M.D. Richard Ganz MD
Carolinas Psychiatric Associates Jubilee Community Health River Primary Care
Center for Advanced Spinal Surgery Kardous Primary Care Rolando P. Oro MD, PA
Central Indiana Orthopedics, PC Keith A. Harvey, M.D. Ronald Chochinov
Chang Neurosurgery & Spine Care Kenneth Cesa DPM Sabetha Community Hospital
Cheyenne County Hospital Kings Clinic and Urgent Care Santa Cruz Pulmonary Medical Group
Children’s Clinic of Owasso, P.C. Kiowa County Memorial Hospital Santone Chiropractic
Clara A. Lennox MD Kristin Egan MD Sarasota Cardiovascular Group
Claude E. Younes M.D., Inc. Lakeshore Family Practice Sarasota Center for Family Health Wellness
CMMC Lane County Hospital Sarasota Heart Center
Coalville Health Center Logan County Hospital Satanta District Hospital
Community Memorial Hospital, OH Manchester Family Physicians, IN Saul & Cutarelli MD’s Inc.
Cornerstone Medical and Wellness, LLC Margaret Mary Health Shaver Medical Clinic, P. A.
Cumberland Heart Masonboro Urgent Care Skiatook Osteopathic Clinic Inc.
David A. Wassil, D.O. McDonough Medical Group Psychiatry Sleep Centers of Fort Wayne
David M Mayer MD MedCorp, OH Smith County Hospital
Dr. Alicia Guice Medical Care, Inc. Smith Family Chiropractic
Dr. Anne Hughes Medical Center of East Houston Somers Eye Center
Dr. Buchele Medicine Lodge Memorial Hospital South Forsyth Family Medicine & Pediatrics
Dr. Clark MedPartners Southeast Rehabilitation Associates PC
Dr. Harvey Meridian Health Group, IN Southgate Radiology
Dr. John Labban MHP Cardiology Southwest Internal Medicine & Pain Management
Dr. John Suen Michael Mann, MD, PC Southwest Orthopaedic Surgery Specialists,PLC
Dr. Puleo Michelle Barnes Marshall, P.C. Southwestern Medical Clinics, MI
Dr. Rajesh Rana Michiana Gastroenterology, Inc. Stafford County Hospital
Dr. Rustagi Minneola District Hospital Stephen Helvie MD
Dr. Schermerhorn Mora Surgical Clinic Stephen T. Child MD
Dr. Shah Moundridge Mercy Hospital Inc Susan A. Kubica MD
Ear, Nose & Throat Associates, IN myhealthnow Texas Childrens Hospital
Ear, Nose & Throat Associates, P.C. Nancy L. Carteron M.D. The Children’s Health Place
East Carolina Medical Associates Naples Heart Rhythm Specialists The Heart & Vascular Specialists
Eastern Washington Dermatology Associates Nate Delisi DO The Heart and Vascular Center of Sarasota
Ellinwood District Hospital Nationwide Mobile Imaging, IN The Imaging Center
Family Care Chiropractic Center Neighborhood Health Clinic The Johnson Center for Pelvic Health
Family Medicine Associates, Jerry Sell, M.D., OH Neighborhood Health Clinic, IN The Medical Foundation, My Lab Results Portal
Family Practice Associates of Macomb Neosho Memorial Regional Medical Center Thompson Family Chiropractic
Family Practice of Macomb Neuro Spine Pain Surgery Center Trego County Hospital
First Care Family Physicians, IN Norman G. McKoy, M.D. & Ass., P.A. Tri-State Medical Imaging, IN
Floyd Trillis Jr., M.D. North Corridor Internal Medicine U.S. Healthworks Medical Group of Indiana, IN
Fort Wayne Medical Oncology & Hematology, IN Nova Pain Management Union Associated Physicians Clinic, IN
Fredonia Regional Hospital Novapex Franklin Union Square Dermatology
Fremont Family Medicine Oakland Family Practice Van Wert County Hospital, OH
Gary Pitts, M.D., IN Oakland Medical Group Volunteers in Medicine
Generations Primary Care Ohio Physical Medicine & Rehabilitation Inc. Wabash County Hospital, IN
Grace Community Health Center, Inc. On Track For Life Wabash Family Care, IN
Grisell Memorial Hospital Orthopaedics Northeast, IN Wells Chiropractic Clinic
Harding Pediatrics LLP Ottawa County Health Center Wichita County Health Center
Harlan County Health System Pareshchandra C. Patel MD William Klope MD
Health Access Program Parkview Health System, Inc. d/b/a Family Wyoming Total Health Record Patient Portal
Heart Institute of Venice Parkview Health System, Inc. d/b/a Fort Wayne Yovanni Tineo M.D.
Henderson Minor Outpatient Medicine Parkview Heart Institute, IN Zack Hall M.D.
Henry County Hospital myhealth portal Parkview Hospital, IN

 

New Security Controls are Being Implemented to Prevent Future Data Breaches

 

The breach has highlighted a number of areas where security could be improved to reduce the risk of future attacks being successful. According to Medical Informatics Engineering’s Co-Founder and COO, Eric Jones, “We are continuing to take steps to remediate and enhance the security of our systems.”

He explained, “Remedial efforts include removing the capabilities used by the intruder to gain unauthorized access to the affected systems, enhancing and strengthening password rules and storage mechanisms, increased active monitoring of the affected systems, and intelligence exchange with law enforcement. We have also instituted a universal password reset.”

Post updated: August 4, 2015

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On