Medical Informatics Engineering Data Breach: What & How It Happened?

Twingate Team

Jun 28, 2024

In May 2015, Medical Informatics Engineering (MIE) experienced a data breach. This breach affected patients and various healthcare providers using the MIE WebChart web app. Following the breach, MIE faced legal and regulatory consequences, including a settlement with the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services for potential HIPAA violations.

How many accounts were compromised?

The breach impacted data related to approximately 3.9 million individuals.

What data was leaked?

The data exposed in the breach included Electronic Personal Health Information (ePHI) records, such as names, phone numbers, addresses, usernames, hashed passwords, security questions and answers, spouses, email addresses, birth dates, Social Security numbers, labs, health insurance policies, diagnoses, disability codes, doctors, medical conditions, and children's names and birth statistics.

How was Medical Informatics Engineering hacked?

The attackers gained access to MIE's network using easily guessed credentials and introduced an SQL injection exploit into a company database. They then accessed accounts with administrative privileges to retrieve millions of ePHI records. In a second offensive, they used c99 malware to reach additional files.

Medical Informatics Engineering's solution

The exact security enhancements Medical Informatics Engineering made in response to the hacking incident remain unclear. However, the company settled with the Office for Civil Rights for $100,000 and agreed to adopt a corrective action plan. This plan required MIE to conduct a comprehensive, organization-wide risk analysis and develop a risk management plan to address all identified risks and reduce them to a reasonable and acceptable level.

How do I know if I was affected?

It is not clear whether Medical Informatics Engineering directly contacted the affected users following the breach. However, individuals can visit Have I Been Pwned to check if their credentials were compromised in this or any other data breach by entering their email address and clicking the "pwned?" button.

What should affected users do?

In general, affected users should:

  • Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report any unauthorized access or transactions to the appropriate parties immediately.

For more specific help and instructions related to Medical Informatics Engineering's data breach, please contact Medical Informatics Engineering support directly.

Where can I go to learn more?

For more information on the Medical Informatics Engineering data breach, check out the following news articles:
