Tennessee, 15 Other States Reach $900,000 Data Breach Settlement

  • Wednesday, May 29, 2019

Attorney General Herbert H. Slatery III announced Wednesday that a U.S. District Court judge has signed a consent judgment negotiated by 16 states’ attorneys general and Medical Informatics Engineering, Inc. This case was the nation’s first-ever multistate lawsuit involving a HIPAA-related data breach.

 

The lawsuit, led by Indiana, was filed in December of 2018 against a web-based electronic health records company based in Fort Wayne, Indiana.

The company allegedly sustained a data breach compromising the data of more than 3.9 million people.  The data of 43,373 Tennesseans, including 14,871 Social Security Numbers, was compromised

 

With the signing of the consent judgment, the 16 states will receive $900,000 with Tennessee receiving $21,238. 

 

The lawsuit resolved allegations that Medical Informatics Engineering Inc. and NoMoreClipboard LLC (collectively “MIE”) violated provisions of the Health Insurance Portability and Accountability Act (“HIPAA”) as well as state claims including Unfair and Deceptive Practice laws, Notice of Data Breach statutes, and state Personal Information Protection Acts.

 

Between May 7, 2015, and May 26, 2015, hackers infiltrated WebChart, a web application run by MIE. The hackers stole the electronic Protected Health Information (“ePHI”) of more than 3.9 million individuals – including individual names, telephone numbers, mailing addresses, usernames, hashed passwords, security questions and answers, spousal information (name and potentially dates of birth), email addresses, dates of birth, Social Security numbers, lab results, health insurance policy information, diagnosis, disability codes, doctors’ names, medical conditions, and children’s names and birth statistics.    

 

“Protected Health Information (PHI) is extremely sensitive data and Tennesseans deserve to know that it is adequately protected,” said Attorney General Herbert H. Slatery III. “This office appreciates the work of Indiana Attorney General Curtis Hill in leading the states on this matter.”

Medical Informatics Engineering, Inc. also agreed to injunctive provisions aimed at preventing similar breaches in the future.

 

Indiana, Arizona, Arkansas, Connecticut, Florida, Iowa, Kansas, Kentucky, Louisiana, Michigan, Minnesota, Nebraska, North Carolina, West Virginia, and Wisconsin are also named in the settlement which can be viewed here: https://www.tn.gov/content/dam/tn/attorneygeneral/documents/pr/2019/pr19-18-judgment.pdf

Business
Cleveland Chamber Accepting Small Businessperson Award Applications
Cleveland Chamber Accepting Small Businessperson Award Applications
  • 4/21/2025

The Cleveland/Bradley Chamber of Commerce is accepting nominations for the 31st Annual Mel Bedwell Small Businessperson of the Year Award. The award is given in memory of Mel Bedwell, remembered ... more

New Hamilton County Business Licenses
  • 4/21/2025

Here are the new business licenses from the County Clerk's office: 1-800-STRIPER OF CHATTANOOGA THOMAS E BRIDGES 3626 WEATHERVANE LOOP APISON TN 37302 917 E 17TH LLC MEGAN WU 917 E 17TH ... more

PODCAST: Mike Costa Interviews Kim White
  • 4/21/2025

Kim White spent the first half of her career traveling and in sales. When she came back to Chattanooga, she decided to plant roots and got hyper-involved. She is the vice chancellor of Development ... more