By Michael P. Tremoglie
Three Indiana residents are suing a health software and systems company, Medical Informatics Engineering (MIE), over claims it unlawfully failed to properly safeguard its clients' personally identifiable information.
Rory Hill, Nicole Hill, and Dawn McLaughlin, individually and for all others similarly situated, filed a class action complaint Aug. 4 in U.S. District Court for the Northern District of Indiana against MIE of Fort Wayne, Ind., alleging negligence.
On May 26, according to the complaint, MIE discovered suspicious activity on one of its servers, unauthorized access that an investigation indicated began on May 7.
The complaint alleges that MIE confirmed the breach on July 17 but has not provided information to its extent, how the breach occurred, or whether measures have been taken to prevent further unauthorized access.
The breach resulted in stolen personal information, including names, addresses, Social Security numbers, and insurance information, leaving plaintiffs and others in the class vulnerable to identity theft schemes for perhaps years, the complaint alleges.
The plaintiffs and others in the class seek injunctive relief, damages, court costs, and an order to prohibit the defendant from further engaging in the described negligent practices and taking steps to better protect all data collected.
Bob Prox of Forrest Sherer Insurance, a firm offering cyber liability insurance, told Insurance Business America, “We think that healthcare providers are more exposed than other industries to a data breach for two reasons. First, they voluntarily pass patient data all the time. Hackers will pay twenty times more for Protected Health Information (PHI) vs. Personally Identifiable Information (PII).”
“While we have been encouraging the purchase of cyber liability to provide protection from data breaches, many choose not to purchase the coverage,” he added.
Prox recommends two things that companies, especially those in the healthcare field, should do:
- Perform a data security audit, which should include those partners with whom they voluntarily share data.
- Purchase cyber liability coverage to protect themselves from the “1st Party Expenses” such as notification, credit monitoring, fines and penalties, forensic investigation, and public relations, as well as, “ 3rd Party” Liabilities for damages alleged by victims of a data breach.
Given the increase in data breaches and the accompanying litigation following them the field of cyber liability insurance may be a burgeoning one in years to come.
