EHR vendor Medical Informatics Engineering (MIE) is facing significant fallout from its recent cyberattack with an Indiana resident affected by the data breach filing a class-action lawsuit in federal court against the company, alleging the vendor did not adequately protect its software from a cyberattack.

On May 26, MIE discovered the attack on its main network and its subsidiary NoMoreClipboard's network that started on May 7. Information on the hacked servers included names, birthdates, email addresses; mailing addresses, medical conditions and Social Security numbers. The breach affected 3.9 million patients. 

The class-action lawsuit was filed by James Young, a patient affected by the breach, and claims MIE did not "take available steps to prevent and stop the breach from ever happening."

More than 100 plaintiffs have joined the suit which alleges that MIE failed to disclose to its customers material facts related to the breach and provide timely notice of the breach.

"As a result of the MIE data breach, numerous individuals whose [health information] was used in a MIE [EHR] have been exposed to fraud and these individuals have been harmed," the suit says. Young "suffered actual injury from having his [personally identifiable information] and [personal health information] compromised and stolen in and as a result of the MIE data breach."

Access the lawsuit.