The American company Medical Informatics Engineering (MIE) has been indicted by 12 American states over a 2015 data breach in which the data of nearly 4 million patients fell into criminal hands. In May 2015, attackers were able to break into the company's back-end systems, where they managed to steal the data of 3.9 million citizens.
The stolen data included not just names and address details, but also Social Security numbers, laboratory results, medical diagnoses, names of doctors and other medical data. MIE is accused of violating 27 federal laws relating to data breach reporting, misrepresentation and personal data protection, writes Naked Security. The company is alleged to have insufficiently secured its computer systems.
No one was informed about the poorly secured systems, and the victims were informed too late. The hack was discovered on 26 May 2015, and on 10 June a notice was posted on the company's website. In July, victims were informed by e-mail, and only in December 2017 did the victims receive a letter by post about the incident. The complaint states that MIE failed to encrypt the sensitive data even though the company claimed to do so.
For more information please visit the original article: https://nakedsecurity.sophos.com/2018/12/07/unencrypted-medical-data-leads-to-12-state-litigation/