Cyber Incident Victim: Medical Information Engineering

Medical Information Engineering (MIE), a Fort Wayne, Indiana-based medical software company, experienced a cybersecurity incident involving unauthorized access to its network between May 7 and May 26, 2015. Suspicious activity was detected on one of MIE's servers on May 26, prompting an investigation by the company's internal team and third-party forensic experts. The breach compromised personal health information belonging to patients of multiple healthcare providers using MIE's services, though the total number of affected individuals remained undisclosed. Exposed data included patient names, mailing addresses, email addresses, dates of birth, partial Social Security numbers, lab results, dictated medical reports, and information about medical conditions. Impacted clients spanned several healthcare organizations, including Concentra (operating over 300 medical centers across 38 states), Franciscan St. Francis Health Indianapolis, Rochester Medical Group near Detroit, and various health centers in Fort Wayne. The breach also affected NoMoreClipboard, a subsidiary of MIE.

MIE initiated client notifications regarding the breach on June 2, 2015, and arranged for mailed notifications to impacted patients whose addresses were available. The company reported the incident to law enforcement agencies and planned further notifications to state and federal regulators. As part of its remediation efforts, MIE implemented enhanced security measures following the forensic investigation and offered affected individuals two years of complimentary credit monitoring and identity protection services. The company's public statement emphasized continuous collaboration with independent forensic experts to investigate the attack and strengthen data security protocols, though no specific technical details about the attack vector or network vulnerabilities were disclosed publicly.