Study: Companies Pay Their Senior Executives More Than They Pay In Federal Taxes
Drones: Near Misses Over New York, Shoot Down In Kentucky, And DHS Bulletins

Class-Action Lawsuits Filed Against Medical Informatics Engineering And Experian

Medical Informatics Engineering logo One result of the Medical Informatics Engineering (MIE) data breach has been a class-action lawsuit filed against MIE. The Journal Gazette reported on July 31:

"James Young, a patient whose medical information was compromised, filed the paperwork Wednesday in U.S. District Court in Fort Wayne. The Indianapolis man is seeking to create a class action, which would allow others who had personal information stolen in the data breach to join the lawsuit... Young alleges that MIE failed "to take adequate and reasonable measures to ensure its data systems were protected," failed to stop the breach and failed to notify customers ina timely manner."

In a Sunday, August 2 article, the Fort Wayne, Indiana-based Journal Gazette described the wide range of companies that access consumers' medical records:

"A lot more people than you realize, including your employer, your bank, state and federal agencies, insurance companies, drug companies, marketers, medical transcribers and the public, if your health records are subpoenaed as part of a court case. All those entities can access your records without getting special permission from you, according to Patient Privacy Rights."

Austin, Texas-based Patient Privacy Rights is an education, privacy, and advocacy organization dedicated to helping consumers regain control over their personal health information.

The Journal Gazette news article was the first report I've read disclosing the total number of breach victims. Reportedly, MIE sent 3.1 million breach notices to affected consumers nationwide. Help Net Security reported a total of nearly 5.5 million consumers in the U.S. affected. That includes 1.5 million consumers affected in Indiana, and 3.9 million consumers in other states. Compromised or stolen data goes as far back as 1997. Reportedly, the Indiana Attorney General's office has begun an investigation.

The Journal Gazette news article also discussed some of the ways stolen medical information can be misused:

"An unethical provider could bill an insurance company or the federal government for health care that it never gave you. Any amount not covered would then be billed directly to you, which could affect your credit score... Then there’s the issue of using sensitive medical information for marketing – or even for blackmail. Let’s say someone was treated for AIDS, hepatitis C or a sexually transmitted disease. A company selling prescription drugs or other products might like to target that patient for advertising. But sending brochures or coupons in the mail could tip off others about the condition. Someone with those or similar medical conditions could face discrimination in hiring..."

Experian logoIn a separate case, a class-action was filed against the credit reporting service Experian. The Krebs On Security blog reported on July 21:

"The suit alleges that Experian negligently violated consumer protection laws when it failed to detect for nearly 10 months that a customer of its data broker subsidiary was a scammer who ran a criminal service that resold consumer data to identity thieves... The lawsuit comes just days after a judge in New Hampshire handed down a 13-year jail sentence against Hieu Minh Ngo, a 25-year-old Vietnamese man who ran an ID theft service variously named Superget.info and findget.me. Ngo admitted hacking into or otherwise illegally gaining access to databases belonging to some of the world’s largest data brokers, including a Court Ventures— a company that Experian acquired in 2012. He got access to some 200 million consumer records by posing as a private investigator based in the United States... The class action lawsuit, filed July 17, 2015 in the U.S. District Court for the Central District of California, seeks statutory damages for Experian’s alleged violations of, among other statutes, the Fair Credit Reporting Act (FCRA)..."

I included information about both class-actions in a single blog post since both companies are of interest to consumers affected by MIE's data breach. MIE has offered breach victims two years of free credit monitoring services from Experian.

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

T. Kaymak

One of the firms that filed a class action suit against MIE has a good blog about this case and others it has filed. It's on their website under Latest News. The firm is Goldman Scarlato. You can google it if you are interested. Just thought I would share.

George

Readers:

Thanks to T. Kaymak for the update. Here's an excerpt and the link:

"Goldman Scarlato & Penny has filed a complaint in the Northern District of Indiana on behalf of all persons and entities whose private information was compromised as a result of a data breach announced by Medical Informatics Engineering, Inc. (“MIE”) on June 10, 2015... Although MIE claims that it immediately began an investigation on May 26th “to safeguard the security of personal and protected health information,” and contacted the FBI, MIE waited until July 17th to begin mailing notices to those affected. During that extended time period, crucial private and personal data of almost 4 million people may have been compromised... Had MIE notified affected persons sooner, putative Class Members might have taken steps to mitigate the harm. Security experts suggest that MIE did not have adequate systems in place to prevent the breach..."

Goldman Scarlato & Penny Investigating MIE Data Breach
http://lawgsp.com/goldman-scarlato-penny-mie-data-breach/

George
Editor
http://ivebeenmugged.typepad.com

The comments to this entry are closed.