One In Four Indiana Residents' E-Record Data Exposed in Hack

Reader chicksdaddy reports that a data breach involving four million patients and more than 230 different data holders (from private practices to large hospitals) hit Indiana especially hard. It's the home state of Medical Informatics Engineering, maker of electronic records system NoMoreClipBoard. While data exposed in the breach affected 3.9 million people, 1.5 millon of them are in Indiana. According to the Security Ledger, though: [The] breach affects healthcare organizations from across the country, with healthcare providers ranging from prominent hospitals to individual physicians' offices and clinics are among 195 customers of the NoMoreClipboard product that had patient information exposed in the breach. And, more than a month after the breach was discovered, some healthcare organizations whose patients were affected are still waiting for data from EMI on how many and which patients had information exposed.

'We have received no information from MIE regarding that,' said a spokeswoman for Fort Wayne Radiology Association (http://www.fwradiology.com/), one of hundreds of healthcare organizations whose information was compromised in the attack on MIE..

How is this even possible?

Why should a company storing confidential data have any ability to access any part of that data? Especially when there are hundreds of separate owners of the data!

Each data owner should encrypt data before it leaves their site. In fact, individual documents should be uniquely encrypted.

These stories of leaks of massive amounts of data -- again and again! -- just prove that nobody cares.

Re:HIPAA is irrelevant... attacks are past stoppin

[phantomfive]

If the biggest, most secure organizations in the world (Sony x 2, Target, OPM) can get breached, anyone can.

I don't think anyone ever said they were the most secure organizations in the world. In the case of Sony specifically, their security was notable for its poor quality.