Electronic health records vendor Medical Informatics Engineering and its personal health records vendor subsidiary NoMoreClipboard have been hit by a sophisticated cyber attack. The companies, based in northern Indiana, are working with the FBI and law enforcement agencies.

Suspicious activity on a server was noted on May 26 and a forensics investigation determined that unauthorized access started on May 7, according to public notices posted on both company websites. Access to the EHR affected only certain MIE clients, including Concentra, Fort Wayne Neurological Center, Franciscan St. Francis Health in Indianapolis, Gynecology Center Inc. in Fort Wayne, and Rochester Medical Group. These clients have been notified and MIE continues work to identify affected individuals and hopes to soon start mailing notices, says Eric Jones, COO.

Protected health information compromised in the EHR for patients of the affected organizations includes patient name, address, email address, date birth, and for some patients Social Security number, lab results, dictated reports and medical conditions.

Also See: Taking a New Look at Data Security Social Engineering

The hack of NoMoreClipboard, also launched on May 7 and discovered on May 26, compromises patient name, address, username, hashed password, security question and answer, email address, date of birth, health information and Social Security number.

MIE and NoMoreClipboard are offering affected members two years of free credit and identity protection services from Experian, which also is assisting with other remediation activities, Jones says.

“We strongly encourage all NoMoreClipboard users to change their passwords,” according to the Web notices. “We also strongly encourage everyone to use different passwords for each of their various accounts. Do not use the same password twice. The next time a NoMoreClipboard user logs in, we will prompt a password change. As part of the password change process, users will be sent a 5 digit PIN code to either a cell phone, via an automated phone call, or to an email address associated with the NoMoreClipboard account.”

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access