Personal health information stolen from DOT health care provider

By Tyson Fisher, Land Line staff writer | 8/6/2015

Shortly after Fiat Chrysler announced a vulnerability in its software security, health care company Concentra revealed a security breach with a vendor that stores patient information. Concentra has more than 300 medical centers in 38 states, many of which conduct DOT physicals.

Medical Informatics Engineering, a health care data exchange company, recently acknowledged that its system had been hacked. Personal health information of certain MIE clients and individuals were affected. MIE noted that not all clients and individuals using its service were affected by the data breach.

According to MIE, the security breach occurred on May 7. It was not until nearly three weeks later when the company discovered suspicious activity within one of its servers. MIE immediately hired a third-party to investigate the attack. In addition to experts hired by MIE, law enforcement – including the FBI Cyber Squad – is also investigating the breach.

Investigations into the details of the breach are still incomplete, but MIE has determined that personal and protected health information has been affected. In addition to usernames, passwords and other information related to website registrations, more serious information including Social Security numbers, lab results, insurance policy information, diagnosis, medical conditions and doctor’s name may also be in the hands of the hackers.

MIE notified affected clients on June 2 and began mailing notifications to affected individuals with a known valid postal address on July 17. All letters were expected to be mailed on or before July 25. Individuals whose information has been compromised will be offered free access to two years of credit monitoring and identity protection services.

Affected individuals or anyone who feels their information may have been part of the hack can call a hotline dedicated to the breach at 866-328-1987. Lines will be open Monday through Friday from 9 a.m. to 9 p.m. Eastern Time.

Health care providers whose patients may have had their information stolen include the following:

  • Concentra
  • Allied Physicians Inc. doing business as Fort Wayne Neurological Center (including Neurology, Physical Medicine and Neurosurgery)
  • Franciscan St. Francis Health Indianapolis
  • Gynecology Center Inc. Fort Wayne
  • Rochester Medical Group
  • RediMed
  • Fort Wayne Radiology Association LLC including Nuvena Vein Center and Dexa Diagnostics
  • Open View MRI LLC
  • Breast Diagnostic Center LLC
  • P.E.T. Imaging Services LLC
  • MRI Center — Fort Wayne Radiology, Inc. (formerly known as Advanced Imaging Systems Inc.)

When reached for comment, Concentra spokesperson Edwin Bodensiek emphasized that the breach came from within MIE and not Concentra and that not all patients’ information was breached. Unless patients receive a letter from MIE, Concentra does not believe their information has been compromised.

“MIE also says that no financial data was included in their data breach. Out of an abundance of caution, we are diligently working with MIE to pass on all relevant information to help patients, such as credit report monitoring services, an MIE call center and web page,” Bodensiek told Land Line.

Copyright © OOIDA