Update: Hackers hit business associate, swipe PHI and Social Security numbers
2015 thus far has been the year of hackers targeting the healthcare industry. And they don't appear to be slowing down. In late July, another business associate notified individuals that their protected health information was stolen following yet another "sophisticated cyberattack."
Medical Informatics Engineering, the Fort Wayne, Ind.-based electronic health record provider and parent company of NoMoreClipboard, is updating an earlier breach notification with additional details, specifically how many were impacted. Some 3.9 million individuals had their data compromised in the breach.
In a notice late July, MIE officials notified affected individuals that their Social Security numbers, lab results, medical conditions, demographic data, children's names, health insurance policies and sign-on security details were compromised in a cyberattack that transpired May 7. The unauthorized access by hackers continued until three weeks later, when MIE officials detected "suspicious activity" on one of its servers.
Patients who received radiology services at 44 locations across Indiana, Michigan and Ohio were affected by the breach. Affected providers include Concentra; Fort Wayne Radiology Association; Parkview Hospital in Indiana; and Community Memorial Hospital in Hicksville, Ohio, among others.
According to the EHR provider, the company has instituted a "universal password reset," improving password rules and storage mechanisms and boosting active system monitoring.
[See also: Hospital system fails mock cyberattack.]
Medical Informatics Engineering accounts for only a paltry 0.1 percent of the EHR market for providers, according to the most recent data from the Centers for Medicare & Medicaid Services. As of spring 2015, only 261 eligible providers had reported using the company's EHR. No hospitals reported being on the system.
MIE's cyberattack follows a series of cyberattacks targeting the healthcare industry this year and last. Earlier this month, UCLA Health system notified 4.5 million patients that their protected health information was compromised in a hack that occurred back in September 2014.
In the largest HIPAA breach ever reported, Anthem in February notified nearly 80 million of its members and employees that their Social Security numbers and personal data were swiped in a cyberattack.
Premera Blue Cross followed closely behind after announcing in March it too was the target of a similar attack compromising the data of 11 million of its members.
[See also: Anthem hack: 'Healthcare is a target'.]
Since 2009, some 139 million people have had their protected health information compromised in a large HIPAA privacy or security breach, according to data from the Office for Civil Rights, the HHS division responsible for HIPAA compliance. In this count, only breaches involving 500 or more individuals are included.
What's more is that hacking and/or IT events account for the lion's share of that total number. Nearly 76 percent of those individuals had PHI compromised due to hacking-related events, including cyberattacks.