EHR vendor hit by sophisticated cyber attack
HIM-HIPAA Insider, August 10, 2015
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
An Indiana-based EHR vendor and its subsidiary company were the victims of a sophisticated criminal cyber-attack last week that exposed the PHI of some patients at several of the vendor’s clients, according to a notice Medical Informatics Engineering (MIE) posted to its website June 10.
The statement did not say how many patients were affected, but did list the following affected clients, which were each notified of the breach:
- Concentra
- Fort Wayne Neurological Center
- Franciscan St. Francis Health Indianapolis
- Gynecology Center, Inc. Fort Wayne
- Rochester Medical Group
The breach also affected MIE’s subsidiary, NoMoreClipboard, which is also based out of its Fort Wayne offices. A separate notice to those clients and patients was issued.
Compromised PHI may have included patients’ names, Social Security numbers, mailing addresses, email addresses, birthdates, medical conditions, and lab results, according to MIE.
The same information was compromised at NoMoreClipboard along with individuals’ usernames, passwords, and security questions and answers.
Both MIE and its subsidiary, however, pointed out they don’t collect or store financial or credit information on patients.
MIE said it first discovered suspicious activity related to one of its servers on May 26, 2015, and immediately opened an internal investigation with assistance from third-party forensics experts. Law enforcement authorities were also notified.
The statement said MIE’s investigation thus far indicates unauthorized access to the company network began on May 7 in a sophisticated cyber-attack, but offered no further details on the nature of the incident. MIE notified victims June 2.
The FBI’s cyber-crime division is actively investigating the case with full cooperation from MIE and NoMoreClipboard.
MIE said it has been continuously investigating the attack as well as enhancing its data security and protection.
Free credit monitoring and identity protection services for the next 24 months were offered to victims of the breach and a toll free call center was also setup. NoMoreClipboard further urged its users to change their passwords.
This article originally appeared on HCPro’s HIPAA Update blog.
This article originally appeared on HCPro’s HIPAA Update blog.
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Related Products
-
Briefings on APCs
Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...
-
HIM Briefings
Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...
-
Briefings on Coding Compliance Strategies
Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...
-
Briefings on HIPAA
How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...
-
APCs Insider
This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...
Most Popular
- Articles
-
- Practice the six rights of medication administration
- Note similarities and differences between HCPCS, CPT® codes
- Don’t forget the three checks in medication administration
- Q/A: Correctly determining billing units for drugs
- Note from the instructor: CMS issues guidance on hospital inpatient admission order and certification requirements, Part I: Physician certification
- Complications from immobility by body system
- Differentiate between types of wound debridement
- What does case-mix index mean to you?
- Joint Commission creates new Sentinel Event Alert for violence against healthcare workers
- Joint Commission now allows partially-used oxygen canisters in 'full' rack
- E-mailed
-
- Joint Commission now allows partially-used oxygen canisters in 'full' rack
- Understand which parts of the medical record coders can use
- Teamwork makes clinical documentation management program a success at Kettering Medical Center
- Joint Commission and CMS Alignment: Restraint Management
- Initial vs. subsequent. New vs. established. Will it be an issue?
- Do not append modifier -52 to procedures involving equipment failure
- Dig into the details of wound care documentation
- Data gathering/reporting: One CDI specialist shares her hospital's methodology
- Communication strategies for nurse leaders
- CMS and Joint Commission clarify door-closing devices standards
- Searched