[BreachExchange] 12 states file lawsuit against medical record data companies

[Destry Winant]

https://www.scmagazine.com/home/security-news/12-states-file-lawsuit-against-medical-record-data-companies/

A multi-state lawsuit has been filed in an Indiana federal court
against three affiliated medical data IT firms, alleging poor
cybersecurity practices that led to breaches with 3.9 million
compromised records.

The attorneys-general of Arizona, Arkansas, Florida, Indiana, Iowa,
Kansas, Kentucky, Louisiana, Minnesota, Nebraska, North Carolina and
Wisconsin jointly launched the suit against defendants Medical
Informatics Engineering, Inc. (operating as Enterprise Health, LLC),
K&L Holdings, and NoMoreClipboard, LLC. The plaintiffs are seeking the
ability to enforce state laws that would, in turn, allow them to seek
injunctive relief, civil penalties, attorney’s fees, expenses, costs
and such other relief.

No specific amount of financial compensation was discussed.

“Defendants’ actions resulted in the violation of the state consumer
protection, data breach, personal information protection laws and
federal HIPAA statutes… Plaintiffs seek to enforce said laws by
bringing this action,” the filing stated.

The plaintiffs say that between May 7, 2015 and May 26, 2015, a
cyberattack on the electronic health record application WebChart
resulted in the unauthorized access of medical records containing
personal health information on various state residents — a breach of
various HIPPA regulations. MIE licenses WebChart, NoMoreClipboard is
its subsidiary and K&L Holdings is an affiliated company.