The U.S. Department of Health and Human Services reports that earlier this year the records of 3.9 to 4 million people nationwide got exposed when an Indiana medical software firm’s networks were hacked.
Medical Informatics Engineering or MIE informed the federal agency about the number of people affected by this hack attack on July 23.
Hackers Knockdown Indiana ‘Right to Life’ Website for Supporting RFRA
MIE, the Indiana-based medical software firm, handle the medical records of Texas-based health care provider firm Concentra. However, Concentra is just one among the other three subcontractors that have been affected by this hack.
On June 10th, the Fort Wayne Company stated that its main network and NoMoreClipboard network were attacked on May 7. The attack was detected on May 26.
The firm declared that the stolen information included names, birthdates, addresses, health records and Social Security numbers around 3.9 to 4 million people nationwide.
The firm posted a notice on its website claiming that this data leak has affected the patients of 11 health care providers including Texas-based Concentra, Franciscan St. Francis Health Indianapolis and Detroit-based Rochester Medical Group.
Moreover, data of patients served by Indiana, Michigan and Ohio radiology centers as well as 44 hospitals was also leaked. The Indiana and Purdue university medical centers in West Lafayette and Bloomington were among the providers.
According to investigations conducted by third-party experts’ team the attack “indicates this is a sophisticated cyber-attack.”
Free credit monitoring and identity protection facility for two years is the compensation that’s being offered by Medical Informatics Engineering to the affected individuals.
U.S. cyber infrastructure remains vulenrable to devistating cyber attacks
The company confirmed that it started mailing notices to affected individuals on their valid postal addresses from July 17.
Greg Zoeller, Attorney General Indiana, urged all the residents of the state to freeze their credit and stated that the department was investigating the attack.
Concentra has released an official statement stating that:
“Like many healthcare providers, Concentra has used Medical Informatics Engineering (MIE) as a vendor. The cyber attack MIE experienced is limited to their servers and not Concentra servers. MIE says that no financial data of affected patients was included in the data breach. We are diligently working with MIE to pass on all relevant information to help patients understand this breach and put provisions in place to protect themselves. MIE is offering credit report monitoring services to all affected patients. They have also established a call center and web page to provide affected patients with information and updates. Not all Concentra patients were affected by the MIE breach, but we urge any patients in your viewing area who received a notification letter from MIE to call 866-328-1987 or visit mieweb.com.”
This is not the first time when a medical software related firm has been hacked. In past, Premera Blue Cross had its 11 million customers exposed in a breach. The South Shore medical center in the UK also had its servers breached with patient info stolen.
Report typos and corrections to [email protected]