The complaint, filed on December 3 in the U.S. District Court for the Northern District of Indiana, names four companies or their subsidiaries, including Fort Wayne, Indiana-based Medical Informatics Engineering and NoMoreClipboard, LLC.
The 66-page filing states these companies did not take “adequate and reasonable measures” to ensure protection of patient data. In the breach cited in the lawsuit, hackers stole and exposed the private health care data of 3.9 million individuals that was stored in the companies’ electronic medical record databases.
The exposed information included patient names, addresses, and Social Security numbers, as well as health information, such as lab results, health insurance policy information, diagnoses, and medical conditions.
The lawsuit marks the first time state attorneys general jointly filed a multi-state data breach case in federal court based on the federal Health Insurance Portability and Accountability Act.
Attorneys general from Arizona, Arkansas, Florida, Indiana, Iowa, Kansas, Kentucky, Louisiana, Minnesota, Nebraska, North Carolina, and Wisconsin filed the suit. — Staff reports