FRANKFORT, Ky. (WTVQ)- Attorney General Andy Beshear says a reported 2015 data breach that compromised the data of 69,000 Kentuckians, including 33,000 Social Security numbers, will result in the Commonwealth receiving thousands of dollars from an electronic health records company.
Kentucky’s general fund will receive more than $25,000 following the court’s approval of the consent judgment, which was negotiated by 16 attorneys general, and the companies involved in the breach – Medical Informatics Engineering, Inc. and NoMoreClipboard LLC (collectively “MIE”).
The lawsuit alleged that the companies failed to take reasonable steps to prevent the data breach, failed to honor their representations that patients’ health information would be protected and did not provide timely notice of the data breach. The attorneys general claimed MIE’s actions surrounding the alleged breach violated provisions of the Health Insurance Portability and Accountability Act or HIPAA and state consumer protection laws.
The coalition first took action against the companies in 2018 when they filed the nation’s first-ever multistate lawsuit involving a HIPAA-related data breach.
As part of the agreement, MIE must comply with the applicable privacy and consumer protection laws, and agreed to certain data security requirements, including multi-factor authentication, security incident response procedures, annual employee training and designating a privacy officer.
The company will pay $900,000 total to the participating states, in three equal, annual installments.
The attorney general’s office says that these actions have yielded restitution that could exceed more than $95 million, representing amounts paid to consumers or amounts Kentuckians are eligible to receive, and the value of credits, student loan debt relief and warranty extensions made available to Kentuckians.
If Kentuckians’ personal information has been compromised, Beshear encourages them to contact his office and visit ag.ky.gov to receive a free identity theft tool kit. The kit provides directions on how to apply for fraud alerts and seek credit freezes.