Attorney General Morrisey Reaches Settlement in Medical Privacy Data Breach

CHARLESTON — West Virginia Attorney General Patrick Morrisey, in coordination with a total of 16 state attorneys general, reached a settlement to resolve allegations stemming from a data breach that exposed the medical records of more than 3.9 million individuals.

The May 2015 data breach involved health records company Medical Informatics Engineering Inc. and NoMoreClipboard LLC (collectively “MIE”). The attorneys general allege hackers infiltrated WebChart, an MIE-run web application, and stole electronic health information.
The case is regarded as the nation’s first multistate lawsuit involving a Health Insurance Portability and Accountability Act (“HIPAA”)-related data breach.
“Businesses must take adequate and reasonable measures to ensure the protection of their computer systems,” Attorney General Morrisey said. “Any business that fails to safeguard patients’ personal health information can cause significant harm to consumers across our state and nation.”
The settlement, approved by a federal judge in late May, requires the defendants to pay member states $900,000, as well as comply with applicable privacy and security laws, take additional steps to protect personal information and hire a third party to analyze and identify any security risks. West Virginia’s proportional share is $21,187.
The lawsuit resolved allegations that MIE violated provisions of HIPAA, as well as state claims including unfair and deceptive practice laws.
West Virginia joined the Indiana-led lawsuit with Arizona, Arkansas, Connecticut, Florida, Iowa, Kansas, Kentucky, Louisiana, Michigan, Minnesota, Nebraska, North Carolina, Tennessee and Wisconsin.
Read the court’s consent decree at
Comments powered by Disqus