21st Century Oncology Group Breach 
Advocate Medical Group Breach 
Affinity Health Plan 
126 Email Service 
000webhost.com 
17 Streaming App 
7K7K 
Equifax Data Breach 
Weebly 
Yahoo! 
NY Times Russian Cyber Breach 
Vivint A Fort Wayne, Indiana medical software company called Medical Informatics Engineering (MIE) announced on June 10, 2015 that a cyber attack on its main network and its NoMoreClipboard network were breached on May 7, 2015, but was not detected until May 26, 2015.
In a statement by MIE to its customers, the medical software company disclosed that on May 26, 2015 they became aware of suspicious activity on one of their main servers and immediately began investigating. The company’s main goal was to identify the security vulnerabilities and to rectify them in order to safeguard patient information. Medical Informatics Engineering brought in a third party cyber security firm to work with their internal team to investigate the attack and determine the areas of cyber security that needed to be enhanced to prevent any further breaches from occurring. It was also mentioned that MIE had reported the incident to the FBI’s cyber squad for investigation.
What they learned from their investigations was that although the breach began on May 7, 2015, it was not until May 26, 2014 when MIE’s monitoring systems began to detect the unauthorized access. The MIE breach was discovered relatively quickly in terms of other major healthcare records breaches such as Premera or BlueCross BlueShield, which went on for months or even years in some cases before being discovered. And while the discovery and eradication of the cyber intruders was rapid, it was not before the criminals were able to access the personal data of approximately 3.9 million individuals, which included:
- Names
- Date of birth
- Social Security number
- Addresses
- E-mail addresses
- Telephone numbers
- Username
- Hashed password
- Security question and answer
- Spousal information including date of birth
- Health insurance policy numbers and information
- Diagnosis
- Lab results
- Disability code
- Treating physician’s name
- Medical conditions
- Child or children’s names and birthdates
Due to the serious nature of and the breadth of data that was breached in the Medical Informatics Engineering attack, the company offered two years of free credit monitoring and identity protection services to all those who were affected. This includes patient’s children who are 18 years of age and those under 18 who can be registered for the free services by their parent or guardian. In their notification statement, MIE advises individuals as to how they can avoid identity theft and fraud and provides numerous resource links to help people navigate through the difficulties this breach may cause them.
In June 2015, Medical Informatics Engineering began contacting its clients individually to inform them of the seriousness of data breach. And on July 17, 2015 the company began mailing notification letters to individuals affected by the breach, as is required by state and federal laws. MIE was also required by law to report the incident to consumer credit reporting agencies and to state and federal regulators.
A list of the healthcare providers that are clients of MIE, who may have been compromised include:
- Concentra
- Allied Physicians, Inc. d/b/a Fort Wayne Neurological Center
- Franciscan St. Francis Health Indianapolis
- Gynecology Center, Inc. Fort Wayne
- Rochester Medical Group
- RediMed
- Fort Wayne Radiology Association, LLC d/b/a Nuvena Vein Center and Dexa Diagnostics
- Open View MRI, LLC
- Breast Diagnostic Center, LLC
- P.E.T. Imaging Services, LLC
- M.R.I. Center, Fort Wayne Radiology, Inc. (f/k/a Advanced Imaging Systems, Inc.)
The following information was taken directly from MIE’s statement on their website:
Individuals who received services from Fort Wayne Radiology Association, Open View, Breast Diagnostic Center, PET Imaging or MRI Center during the period of time from January 1, 1997 to May 26, 2015 may be affected. The database relating to these healthcare providers was accessed on May 26, 2015. Individuals may also visit the providers’ websites, which may be accessed at www.fwradiology.com, for information on this incident. Affected individuals may include, along with potential others, individuals who received radiology services during this time at any of the organizations identified below:
| Accustat Medical Lab, Inc. | Indianapolis, IN |
| Allergy & Asthma Center | Fort Wayne, IN |
| Associated Physicians & Surgeons Clinic, LLC | Terre Haute, IN |
| Ball Memorial Hospital | Muncie, IN |
| Bedford Regional Medical Center | Bedford, IN |
| Cameron Memorial Community Hospital | Angola, IN |
| Central Indiana Orthopedics, PC | Muncie, IN |
| Community Memorial Hospital | Hicksville, OH |
| Ear, Nose & Throat Associates | Fort Wayne, IN |
| Family Medicine Associates, Jerry Sell, M.D. | Rockford, OH |
| First Care Family Physicians | Fort Wayne, IN |
| Fort Wayne Medical Oncology & Hematology | Fort Wayne, IN |
| Gary Pitts, M.D. | Warsaw, IN |
| Indiana Urgent Care Centers, LLC | Indianapolis, IN |
| Indiana University Health Center | Bloomington, IN |
| Jasper County Hospital | Rensselaer, IN |
| Manchester Family Physicians | North Manchester, IN |
| MedCorp | Toledo, OH |
| Meridian Health Group | Carmel, IN |
| Nationwide Mobile Imaging | Fort Wayne, IN |
| Neighborhood Health Clinic | Fort Wayne, IN |
| Orthopedics Northeast | Fort Wayne, IN |
| Parkview Regional Medical Center | Fort Wayne, IN |
| Parkview Hospital | Fort Wayne, IN |
| Parkview Ortho Hospital | Fort Wayne, IN |
| Parkview Heart Institute | Fort Wayne, IN |
| Parkview Women & Children’s Hospital | Fort Wayne, IN |
| Parkview Noble Hospital | Kendallville, IN |
| Parkview Huntington Hospital | Huntington, IN |
| Parkview Whitley Hospital | Columbia City, IN |
| Parkview LaGrange Hospital | LaGrange, IN |
| Parkview Physicians Group | |
| Parkview Occupational Health Centers | |
| Paulding County Hospital | Paulding, OH |
| Prompt Care Express | Coldwater, MI; Sturgis, MI |
| Public Safety Medical Services | Indianapolis, IN |
| Purdue University Health Center | W. Lafayette, IN |
| Southwestern Medical Clinics | Berrien Springs, MI |
| Tri-State Medical Imaging | Angola, Indiana |
| Union Associated Physicians Clinic | Terre Haute, IN |
| U.S. Healthworks Medical Group of Indiana | Elkhart, IN |
| Van Wert County Hospital | Van Wert, OH |
| Wabash County Hospital | Wabash, IN |
| Wabash Family Care | Wabash, IN |
We take the security of health information very seriously and understand that such incidents cause real concern. We apologize sincerely and thank our customers for their continued loyalty and patience as we work through this challenge.
Additional Resources About This Breach:
http://wane.com/2015/07/28/software-company-sends-letters-to-people-impacted-by-security-breach/
http://www.databreaches.net/medical-informatics-engineering-hacked-patient-info-involved/