A Wichita law firm has filed a lawsuit against a medical information company regarding a health information breach possibly affecting 3.9 million patients nationwide.
Hutton & Hutton Law Firm filed the case last week in federal court against Medical Informatics Engineering, a health records software company based in Fort Wayne, Ind.
The suit did not specify a dollar amount for damages in court records. But the records said the plaintiffs would seek compensation for damages from the information breach, the risk of identity theft, and the lifetime cost of protective measures against future compromise and of monitoring credit, financial and personal profiles.
Medical Informatics Engineering executives did not return calls and e-mail requests for comment.
Mark Hutton, co-founder and managing partner of Hutton & Hutton, said that out of more than 200 medical facilities whose information was breached across the country, at least 26 were in Kansas.
“Medical information is your most private information possible,” he said.
Hutton said he suspected a trial wouldn’t start for another 18 months to two years.
At this stage, Hutton said, the reach and breadth of the breach is still largely unknown.
Because at least 26 of the affected health facilities were in Kansas, a rough estimate would be that more than 10 percent of the overall 3.9 million patients are Kansans.
Blake Shuart, an attorney for Hutton & Hutton, said until more evidence is presented in the case, the only hint of the breadth of the breach comes from information publicly released by Medical Informatics Engineering in letters to patients and news releases.
Shuart said that, so far, most of the information breached was in small-town hospitals in southeastern and western Kansas. He said he wouldn’t have a better picture of the situation until records come out in court.
According to news releases from Medical Informatics Engineering, the company noticed suspicious activity on May 26, began to notify health facilities on June 2 and started sending letters to patients in mid- to late July.
The company said it reported the incident to law enforcement, including the FBI, when it recognized the suspicious activity, according to the news release. The news release also said the company conducted its own forensic investigation, which showed the breach began May 7.
Shuart said this isn’t the first large-scale data breach in recent history.
“Despite these other data breaches, companies are not taking adequate measures to protect information from hackers,” he said.
He said lawsuits like this aren’t just for patients seeking redress “but also for holding companies accountable, so hopefully these data breaches won’t occur.”
Federal court filings show three other suits have been filed against Medical Informatics Engineering since the information breach. Two federal suits were filed in Indiana and one in California.
Hutton said when a multitude of suits are filed, a panel of judges will consolidate the cases and assign a federal judge for pretrial rulings. The judge then sends the cases back to their original districts for trial.
Shuart and Hutton said they had not yet contacted other attorneys involved with the Indiana and California cases.
Herbert Schuttler, a retired businessman who lives in Wichita, is listed as the plaintiff for the Kansas lawsuit. He received a letter from Medical Informatics Engineering about the information breach, Hutton said.
“His case is representative of all the others that are similarly situated who have been wronged,” Hutton said.
Court records in the case outline a report from the federal government about data breaches. According to the records, the government report said that victims of a personal health information breach often will not feel the effects of the breach immediately and that years may pass before the victim sees signs of identity theft or misuse of their information.
The report also said the damage can continue for years and that thieves sell the information on the black market.