EHR vendor hit by sophisticated cyber attack
HIM-HIPAA Insider, August 10, 2015
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
An Indiana-based EHR vendor and its subsidiary company were the victims of a sophisticated criminal cyber-attack last week that exposed the PHI of some patients at several of the vendor’s clients, according to a notice Medical Informatics Engineering (MIE) posted to its website June 10.
The statement did not say how many patients were affected, but did list the following affected clients, which were each notified of the breach:
- Concentra
- Fort Wayne Neurological Center
- Franciscan St. Francis Health Indianapolis
- Gynecology Center, Inc. Fort Wayne
- Rochester Medical Group
The breach also affected MIE’s subsidiary, NoMoreClipboard, which is also based out of its Fort Wayne offices. A separate notice to those clients and patients was issued.
Compromised PHI may have included patients’ names, Social Security numbers, mailing addresses, email addresses, birthdates, medical conditions, and lab results, according to MIE.
The same information was compromised at NoMoreClipboard along with individuals’ usernames, passwords, and security questions and answers.
Both MIE and its subsidiary, however, pointed out they don’t collect or store financial or credit information on patients.
MIE said it first discovered suspicious activity related to one of its servers on May 26, 2015, and immediately opened an internal investigation with assistance from third-party forensics experts. Law enforcement authorities were also notified.
The statement said MIE’s investigation thus far indicates unauthorized access to the company network began on May 7 in a sophisticated cyber-attack, but offered no further details on the nature of the incident. MIE notified victims June 2.
The FBI’s cyber-crime division is actively investigating the case with full cooperation from MIE and NoMoreClipboard.
MIE said it has been continuously investigating the attack as well as enhancing its data security and protection.
Free credit monitoring and identity protection services for the next 24 months were offered to victims of the breach and a toll free call center was also setup. NoMoreClipboard further urged its users to change their passwords.
This article originally appeared on HCPro’s HIPAA Update blog.
This article originally appeared on HCPro’s HIPAA Update blog.
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Related Products
-
Briefings on APCs
Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...
-
HIM Briefings
Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...
-
Briefings on Coding Compliance Strategies
Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...
-
Briefings on HIPAA
How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...
-
APCs Insider
This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...
Most Popular
- Articles
-
- Don't forget the three checks in medication administration
- The consequences of an incomplete medical record
- Practice the six rights of medication administration
- Note similarities and differences between HCPCS, CPT® codes
- Nursing responsibilities for managing pain
- Q&A: Primary, principal, and secondary diagnoses
- Complications from immobility by body system
- Skills of effective case managers
- OB services: Coding inside and outside of the package
- Prevent dehydration with nursing interventions
- E-mailed
-
- Correctly bill ancillary bedside procedures in addition to the room rate
- The Cincinnati Pre-Hospital Stroke Scale
- Q: Will Medicare cover homecare services to residents of assisted living facilities (ALFs)?
- Q/A: Coding infusions to correct low potassium levels
- Q&A: Utilization Review Committee Membership
- Q&A: Bill blood administration the same way for inpatient and outpatient accounts
- OB services: Coding inside and outside of the package
- Know the medical gas cylinder storage requirements
- Intravenous therapy guidelines
- ICD-10-CM coma, stroke codes require more specific documentation
- Searched
-
- cold weather preparedness in hospital
- Nursing home administrator
- 72 hour supervised fasting
- 5.If the ICD10CM replaces ICD9CM Volumes 1 and
- anesthesia code for 45331
- Dynaper
- evidencebased competency management INVALIDem
- How to prevent hospitalacquired pressure ulcersinj
- INFECTION CONTROL
- language barriers