{"id":21096,"date":"2018-12-06T01:41:15","date_gmt":"2018-12-06T01:41:15","guid":{"rendered":"http:\/\/5b38db5f-2507-4ed5-abc4-34d3b80b17a8"},"modified":"2018-12-06T01:41:15","modified_gmt":"2018-12-06T01:41:15","slug":"twelve-us-states-join-for-the-first-time-to-file-multistate-data-breach-lawsuit","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/twelve-us-states-join-for-the-first-time-to-file-multistate-data-breach-lawsuit\/","title":{"rendered":"Twelve US states join for the first time to file multistate data breach lawsuit"},"content":{"rendered":"
<\/div>\n

Attorney generals from twelve US states have joined together to file the first-ever joint cross-state HIPAA lawsuit against a healthcare provider that got hacked in the summer of 2015.<\/p>\n

\n

More security news<\/span><\/h3>\n<\/div>\n

The lawsuit, filed in an Indiana court on Monday, alleges that Medical Informatics Engineering and its subsidiary NoMoreClipboard –collectively known and doing business as MIE– had “failed to take adequate and reasonable measures to ensure their computer systems were protected.”<\/p>\n

Because of their alleged failings, hackers gained access to MIE WebChart web app, from where they gained access and stole the personal details of 3.9 million US citizens who visited 11 healthcare providers and 44 radiology clinics that managed patient data via the WebChart app.<\/p>\n

Stolen data included<\/a> a treasure trove of personal information, such as names, phones, home addresses, dates of birth, Social Security numbers, email addresses, passwords, usernames, security questions, but also healthcare information such as lab results, diagnoses, medical conditions, disability codes, medical records, health insurance information, and even information on patients’ family members.<\/p>\n

The vast majority of affected users were located in Indiana –over 1.5 million– but users in other states were also affected, to a lesser degree.<\/p>\n

Now, almost three years after the hack, state attorney generals from twelve states have banded together to sue the healthcare provider for numerous failings under the provisions of the Health Insurance Portability and Accountability Act (HIPAA).<\/p>\n

The states participating in the lawsuit are Arizona, Arkansas, Florida, Iowa, Indiana, Kansas, Kentucky, Louisiana, Minnesota, Nebraska, North Carolina, and Wisconsin.<\/p>\n

\n<\/section>\n

According to a copy of the lawsuit<\/a>, obtained by ZDNet, MIE officials had failed on several fronts when it came to implementing “basic industry-accepted data security measures.”<\/p>\n

For example:<\/p>\n