Please call (866) 328-1987 if you have any questions.

FAQs

---

  • What happened?

    On May 26, 2015, our technical team at Medical Informatics Engineering/NoMoreClipboard discovered suspicious activity relating to one of our servers. We immediately began an investigation. Our team, including independent third-party forensics experts, has been working continuously to understand the nature and scope of the incident. This investigation is ongoing. On May 26, 2015, we also reported this incident to the FBI Cyber Squad, and are cooperating with the FBI's investigation. The investigation indicates this is a sophisticated cyber attack. Our forensic investigation indicates the unauthorized access to our network began on May 7, 2015.

    While our investigation and law enforcement's investigation into this incident are ongoing, we have determined the security of some personal and protected health information contained on our network has been accessed.

    back to top
  • What Medical Informatics Engineering information was affected by this incident?

    The affected data relates to individuals affiliated with certain Medical Informatics Engineering clients including Concentra, Allied Physicians, Inc. d/b/a Fort Wayne Neurological Center (including Neurology, Physical Medicine and Neurosurgery), Franciscan St. Francis Health Indianapolis, Gynecology Center, Inc. Fort Wayne, Rochester Medical Group, RediMed,and Fort Wayne Radiology Association, LLC (including d/b/a Nuvena Vein Center and Dexa Diagnostics, Open View MRI, LLC, Breast Diagnostic Center, LLC, P.E.T. Imaging Services, LLC, MRI Center — Fort Wayne Radiology, Inc. f/k/a Advanced Imaging Systems, Inc.).

    The data affected varies for each affected person, but may include an individual's name, telephone number, mailing address, username, hashed password, security question and answer, spousal information (name and potentially date of birth), email address, date of birth, Social Security number, lab results, health insurance policy information, diagnosis, disability code, doctor's name, medical conditions, and child's name and birth statistics.

    back to top
  • What NoMoreClipboard information was affected by this incident?
    The affected data relates to individuals who used a NoMoreClipboard portal/personal health record may include an individuals' name, home address, Social Security number, username, hashed password, spousal information (name and potentially date of birth), security question and answer, email address, date of birth, health information, and health insurance policy information.
    back to top
  • How will I know if I am affected?

    We are mailing notice letters to affected individuals for whom we have a valid mailing address. If you were affected and your records include a valid address, you will be mailed a notice letter on or before July 25, 2015.

    If you are affiliated with an affected Medical Informatics Engineering client and/or have a NoMoreClipboard account, and believe you are affected by this incident, but have not received a notice letter by August 15, 2015, you may call our toll free hotline. The hotline can be reached at (866) 328-1987, Monday through Friday, 9:00 a.m. to 9:00 p.m. Eastern Time, except for holidays.

    back to top
  • Will Medical Informatics Engineering provide affected individuals with credit monitoring?
    Yes. We are offering affected individuals a complimentary two-year membership to Experian's credit monitoring and identity protection services.
    back to top
  • I am having difficulty enrolling in Experian credit monitoring and identity protection services. What should I do?

    For those of you who received a letter regarding the data security compromise, we are hearing reports of difficulty signing up for two years of free credit monitoring and identity protection through Experian. Based on our discussions with many of you, here are some tips for enrolling:

    1. The fastest way to enroll is online.
    2. Make sure to go to www.protectmyid.com/protect to sign up — if you fail to include the /protect at the end of the web address, you will end up on Experian's regular retail site and there is not a place to enter your activation code. Visit www.protectmyid.com/protect and you will see a blue box in the middle of the page where you can enter that code.
    3. Your activation code can be found in the letter you received — on the NOTICE OF PRIVACY SAFEGUARDS page. Near the top of the page next to the number 3 you will find your personal activation code.
    4. We are also finding that people are using Google or other search engines to search for terms such as “protect my ID” and they are inadvertently choosing a website other than the Experian. While these sites may offer credit monitoring services, you will not be able to enroll using the activation code we provided. Go directly to www.protectmyid.com/protect to enroll for free.
    5. If you are a parent or guardian of a minor and you received an offer for Family Secure coverage, you will need to sign-up by phone. Call (866) 579-4461 and tell the call center agent you want to enroll in Family Secure.
      back to top
    6. What happens after my two-year membership for Experian's identity protection services expires?
      Once your two-year subscription ends you are eligible for long-term protection. This protection provides non-expiring fraud resolution support and connection to an Identity Theft Resolution agent at Experian. This added coverage is at no cost to you.
      back to top
    7. Why am I only being offered identity protection services for two (2) years? What if I experience identity theft or fraud years from now?
      There is helpful information in your notice letter on how you can protect yourself against identity theft or fraud, and this information can be used anytime, anywhere, by anyone. In addition, once you are enrolled in Experian's identity protection service, you will have access to an Identity Theft Resolution agent even after your membership expires.
      back to top
    8. I received a notice letter for myself and one for my child/children. Do I have to register both myself and my child/children to receive credit monitoring services?

      Individuals over 18 who are affected by this incident may be eligible to enroll in Experian's ProtectMyID coverage. Each individual needs to sign up themselves, as the sign-up process will require you to provide some personal information.

      If you have dependents under 18 who are affected by this incident, you can enroll in Experian's Family Secure service to help protect their identities. Only one adult needs to enroll per household. You will be asked to provide information about yourself and your children. Please note that if more than one minor in your household is affected by this incident, you may enroll all affected minors under the same Family Secure membership.

      back to top
    9. Who is responsible for the cyber attack?
      We are working closely with federal law enforcement investigators to determine those responsible. The investigation is ongoing.
      back to top
    10. What is Medical Informatics Engineering doing in response to this incident?

      We learned of this incident on May 26, 2015. We immediately began an investigation to determine the nature and scope of this incident. We retained independent third-party forensic experts to confirm the security of systems potentially affected by this incident and to identify individuals and data affected by this incident. On June 2, 2015, we began notifying affected Medical Informatics Engineering and NoMoreClipboard clients. We have also issued a press release on a national basis and posted notice on our websites.

      We are taking action to inform and support those affected by this incident. This includes sending written notice to affected individuals for whom we have valid addresses, establishing a call center, and engaging Experian to offer a complementary two-year membership to credit monitoring and identity protection services to potentially affected individuals.

      We are also continuing to take steps to remediate and enhance the security of our systems. Remedial efforts include removing the capabilities used by the intruder to gain unauthorized access to the affected systems, enhancing and strengthening password rules and storage mechanisms, increased active monitoring of the affected systems, and intelligence exchange with law enforcement. We have also instituted a universal password reset.

      back to top
    11. The notice letter I received mentions a universal password reset. How does that affect me?
      As an added security measure, Medical Informatics Engineering has instituted a password reset for all users of their applications. Healthcare providers have been prompted to reset their passwords, and if you use a NoMoreClipboard patient portal or personal health record, you will be prompted to change your password the next time you log in if you have not already done so.
      back to top
    12. I tried to log in to my NoMoreClipboard account, and it is instructing me to change my password. Is this legitimate?
      Yes, NoMoreClipboard is asking all users to change their passwords in order to better protect health information. You can go to your personal health record or patient portal powered by NoMoreClipboard where you will be instructed to select a method where NoMoreClipboard can contact you (either by text message on your cell phone, by automated voice message on your home phone, or by email). NoMoreClipboard will then send a 5-digit unique identifier by the method you select, and you will be prompted to enter that 5-digit number within five minutes. You will then be able to reset your password.
      back to top
    13. I am being asked to enter a 5-digit number sent to me by NoMoreClipboard, and to make sure my password is stronger. Is this really necessary?
      Unfortunately, cyber attacks targeting medical information are on the rise. We are sending you a 5-digit number and asking you to enter it as an added way to verify your identity. We are also enforcing password strength rules to make it more difficult for malicious individuals or organizations to determine your password. Additional measures are also being put in place at NoMoreClipboard to further protect your password.
      back to top
    14. I use my NoMoreClipboard password for other accounts and applications, should I change it?
      You should avoid using the same password for multiple accounts or applications, as this makes it easier for criminals who have obtained a stolen password to use it over and over. If you have used your NoMoreClipboard password elsewhere, it is a good idea to change it for those other accounts or applications.
      back to top
    15. What steps can I take to protect myself from identity theft or fraud?

      If you are affected by this incident, we encourage you to enroll in the credit and identity monitoring services we are making available to you through Experian. In addition to enrolling in these services, you should remain vigilant, review financial account statements, and monitor credit reports for suspicious activity.

      Obtain a copy of your credit report
      Under U.S. law, you are entitled to one free credit report annually from each of the three major credit bureaus. To order a free credit report, you may visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also contact the three major credit bureaus directly to request a free copy of your credit report. You may want to order copies of your credit reports and check for any medical bills that you do not recognize. If you find anything suspicious, you can call the credit reporting agency at the phone number on the report. You may also keep a copy of notices for your records in case of future problems with your medical records. You may also want to request a copy of your medical records from your provider to serve as a baseline.

      At no charge, you can also have the credit bureaus place a “fraud alert” on your credit file that alerts creditors to take additional steps to verify an individual's identity prior to granting credit in the individual's name. Note, however, that because it tells creditors to follow certain procedures, it may also delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on the file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, you may contact any one of the agencies listed below. Information regarding security freezes is also available from these agencies.

      Equifax, Consumer Fraud Division, P.O. Box 740256, Atlanta, GA 30374, (800) 525-6285, www.equifax.com

      Experian, Consumer Fraud Assistance, P.O. Box 9556, Allen, TX 75013, (888) 397-3742, www.experian.com

      TransUnion, Consumer Relations & Fraud Victim Assistance, 1561 E. Orangethorpe Avenue, Fullerton, CA 92831, (800) 372-8391, www.transunion.com

      You can also further educate yourself regarding identity theft, security freezes, and the steps to take to protect yourself by contacting the Federal Trade Commission and your State Attorney General.

      Federal Trade Commission
      600 Pennsylvania Avenue
      NW Washington, DC 20580
      www.ftc.gov/idtheft
      1-877-ID-THEFT (877-438-4338); TTY: 866-653-4261.

      The Federal Trade Commission encourages those who discover that their information has been misused to file a complaint with them. You can also obtain further information on how to file such a complaint by way of the contact information listed above.

      Instances of known or suspected identity theft or fraud should also be reported to law enforcement and the Attorney General in the state where you reside.

      For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001, (919) 716-6400, www.ncdoj.gov.

      For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202, (888) 743-0023,www.oag.state.md.us.

      For Kentucky residents, the Attorney General can be contacted at 700 Capitol Avenue, Suite 118, Frankfort, KY 40601-3449, (502) 696-5389, www.ag.ky.gov.

      For Massachusetts and West Virginia residents

      Under MA and WV law, you have the right to obtain any police report filed in regard to this incident. If you are the victim of identity theft, you also have the right to file a police report and obtain a copy of it. Under MA and WV law, you may place a security freeze on your credit reports. A security freeze prohibits a credit reporting agency from releasing any information from your credit report without your written authorization. However, please be advised that placing a security freeze on your credit report may delay, interfere with, or prevent the timely approval of any requests you make for new loans, credit mortgages, employment, housing, or other services.

      If you have been a victim of identity theft, and provide the credit reporting agency with a valid police report, it cannot charge you to place, lift or remove a security freeze. In all other cases, a credit reporting agency may charge you up to $5.00 in MA and $5.30 in WV each to place, temporarily lift, or permanently remove a security freeze.

      To place a security freeze on your credit report, you must send a written request to each of the three major consumer reporting agencies. In order to request a security freeze, you will need to provide the following information:

      1. Your full name (including middle initial as well as Jr., Sr., II, III, etc.);
      2. Social Security number;
      3. Date of birth;
      4. If you have moved in the past five (5) years, provide the addresses where you have lived over the prior five years;
      5. Proof of current address, such as a current utility bill or telephone bill;
      6. A legible photocopy of a government-issued identification card (state driver's license or ID card, military identification, etc.);
      7. If you are a victim of identity theft, include a copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft;
      8. If you are not a victim of identity theft, include payment by check, money order, or credit card (Visa, MasterCard, American Express or Discover only). Do not send cash through the mail.

      The credit reporting agencies have three (3) business days after receiving a request to place a security freeze on a credit file report. The credit bureaus must also send written confirmation to you within five (5) business days and provide you with a unique personal identification number (PIN) or password, or both, that can be used by you to authorize the removal or lifting of the security freeze. To lift the security freeze in order to allow a specific entity or individual access to your credit report, you must call or send a written request to the credit reporting agencies by mail and include proper identification (name, address, and Social Security number) and the PIN number or password provided to you when you placed the security freeze, as well as the identities of those entities or individuals you would like to receive your credit report or the specific period of time you want the credit report available. The credit reporting agencies have three (3) business days after receiving your request to remove the security freeze.

      Monitor your Explanation of Benefits
      You may also regularly review any Explanation of Benefits statement received from an insurer. If you see any service that you believe you did not receive, we suggest you call your insurer. If you do not receive a regular Explanation of Benefits statement, you may contact your provider and request them to send such statements following the provision of services.

      Be Aware of Phishing
      “Phishing” is when someone attempts to gain access to your personal and protected information by posing as a trustworthy organization. Phishing is often in the form of an email. These emails will appear to come from people or websites you trust, like your employer, vendors, and bank or credit card companies. Phishing emails often ask you to click on an internet link or an email attachment that disguises a virus or malicious software, or directly requests that you provide personal information either over the phone or through a form. If you suspect that you received a phishing email, do not click on any suspicious links or attachments contained in the email or otherwise respond to the sender.

      Medical Informatics Engineering and NoMoreClipboard do not request personal or protected information by email. If the suspicious email appears to be from one of your healthcare providers, you may contact the provider to verify the legitimacy of the email/request.

      back to top
    16. Who are the affected Medical Informatics Engineering clients?
      The affected Medical Informatics Engineering clients are: Concentra, Franciscan St. Francis Health Indianapolis, Gynecology Center, Inc. Fort Wayne, Rochester Medical Group, RediMed, Allied Physicians, Inc. d/b/a Fort Wayne Neurological Center (including Neurology, Physical Medicine and Neurosurgery), and Fort Wayne Radiology Association, LLC (including d/b/a Nuvena Vein Center and Dexa Diagnostics, Open View MRI, LLC, Breast Diagnostic Center, LLC, P.E.T. Imaging Services, LLC, MRI Center — Fort Wayne Radiology, Inc. f/k/a Advanced Imaging Systems, Inc.).
      back to top
    17. Who are the affected NoMoreClipboard clients?
      Advanced Cardiac Care
      Advanced Foot Specialists
      All About Childrens Pediatric Partners, PC
      Allen County Dept of Health
      Allied Physicians, Inc. d/b/a Fort Wayne Neurological Center (including Neurology, Physical Medicine and Neurosurgery)
      Altagracia Medical Center
      Anderson Family Medicine
      Arkansas Otolaryngology, P.A.
      Auburn Cardiology Associates
      Basedow Family Clinic Inc.
      Bastrop Medical Clinic
      Batish Family Medicine
      Beaver Medical
      Boston Podiatry Services PC
      Brian Griner M.D.
      Brightstarts Pediatrics
      Burnsville Medical Center
      Capital Rehabilitation
      Cardiovascular Consultants of Kansas
      Carl Gustafson OD
      Carolina Gastroenterology
      Carolina Kidney & Hypertension Center
      Carolinas Psychiatric Associates
      Center for Advanced Spinal Surgery
      Chang Neurosurgery & Spine Care
      Cheyenne County Hospital
      Children's Clinic of Owasso, P.C.
      Clara A. Lennox MD
      Claude E. Younes M.D., Inc.
      CMMC
      Coalville Health Center
      Cornerstone Medical and Wellness, LLC
      Cumberland Heart
      David A. Wassil, D.O.
      David M Mayer MD
      Dr. Alicia Guice
      Dr. Anne Hughes
      Dr. Buchele
      Dr. Clark
      Dr. Harvey
      Dr. John Labban
      Dr. John Suen
      Dr. Puleo
      Dr. Rajesh Rana
      Dr. Rustagi
      Dr. Schermerhorn
      Dr. Shah
      Ear, Nose & Throat Associates, P.C.
      East Carolina Medical Associates
      Eastern Washington Dermatology Associates
      Ellinwood District Hospital
      Family Care Chiropractic Center
      Family Practice Associates of Macomb
      Family Practice of Macomb
      Floyd Trillis Jr., M.D.
      Fredonia Regional Hospital
      Fremont Family Medicine
      Generations Primary Care
      Grace Community Health Center, Inc.
      Grisell Memorial Hospital
      Harding Pediatrics LLP
      Harlan County Health System
      Health Access Program
      Heart Institute of Venice
      Henderson Minor Outpatient Medicine
      Henry County Hospital myhealth portal
      Highgate Clinic
      Hobart Family Medical Clinic
      Howard Stierwalt, M.D.
      Howard University Hospital
      Hudson Essex Nephrology
      Huntington Medical Associates
      Huntington Medical Group
      Hutchinson Regional Medical Center
      Idaho Sports Medicine Institute
      In Step Foot & Ankle Specialists
      Independence Rehabilitation Inc
      Indiana Endocrine Specialists
      Indiana Internal Medicine Consultants
      Indiana Ohio Heart
      Indiana Surgical Specialists
      Indiana University
      Indiana University Health Center
      Indianapolis Gastroenterology and Hepatology
      Internal Medicine Associates
      IU — Northwest
      Jackson Neurolosurgery Clinic
      James E. Hunt, MD
      Jasmine K. Leong MD
      Jewell County Hospital
      John Hiestand, M.D.
      Jonathan F. Diller, M.D.
      Jubilee Community Health
      Kardous Primary Care
      Keith A. Harvey, M.D.
      Kenneth Cesa DPM
      Kings Clinic and Urgent Care
      Kiowa County Memorial Hospital
      Kristin Egan MD
      Lakeshore Family Practice
      Lane County Hospital
      Logan County Hospital
      Margaret Mary Health
      Masonboro Urgent Care
      McDonough Medical Group Psychiatry
      Medical Care, Inc.
      Medical Center of East Houston
      Medicine Lodge Memorial Hospital
      MedPartners
      MHP Cardiology
      Michael Mann, MD, PC
      Michelle Barnes Marshall, P.C.
      Michiana Gastroenterology, Inc.
      Minneola District Hospital
      Mora Surgical Clinic
      Moundridge Mercy Hospital Inc
      myhealthnow
      Nancy L. Carteron M.D.
      Naples Heart Rhythm Specialists
      Nate Delisi DO
      Neighborhood Health Clinic
      Neosho Memorial Regional Medical Center
      Neuro Spine Pain Surgery Center
      Norman G. McKoy, M.D. & Ass., P.A.
      North Corridor Internal Medicine
      Nova Pain Management
      Novapex Franklin
      Oakland Family Practice
      Oakland Medical Group
      Ohio Physical Medicine & Rehabilitation Inc.
      On Track For Life
      Ottawa County Health Center
      Pareshchandra C. Patel MD
      Parkview Health System, Inc. d/b/a Family Practice Associates of Huntington
      Parkview Health System, Inc. d/b/a Fort Wayne Cardiology
      Parrott Medical Clinic
      Partners In Family Care
      Personalized Health Care Of Tucson
      Phillips County Hospital
      Physical Medicine Consultants
      Physicians of North Worchester County
      Precision Weight Loss Center
      Primary & Alternative Medical Center
      Prince George's County Health Department
      Rebecca J. Kurth M.D.
      Relief Center
      Republic County Hospital
      Ricardo S. Lemos MD
      Richard A. Stone M.D.
      Richard Ganz MD
      River Primary Care
      Rolando P. Oro MD, PA
      Ronald Chochinov
      Sabetha Community Hospital
      Santa Cruz Pulmonary Medical Group
      Santone Chiropractic
      Sarasota Cardiovascular Group
      Sarasota Center for Family Health Wellness
      Sarasota Heart Center
      Satanta District Hospital
      Saul & Cutarelli MD's Inc.
      Shaver Medical Clinic, P. A.
      Skiatook Osteopathic Clinic Inc.
      Sleep Centers of Fort Wayne
      Smith County Hospital
      Smith Family Chiropractic
      Somers Eye Center
      South Forsyth Family Medicine & Pediatrics
      Southeast Rehabilitation Associates PC
      Southgate Radiology
      Southwest Internal Medicine & Pain Management
      Southwest Orthopaedic Surgery Specialists, PLC
      Stafford County Hospital
      Stephen Helvie MD
      Stephen T. Child MD
      Susan A. Kubica MD
      Texas Childrens Hospital
      The Children's Health Place
      The Heart & Vascular Specialists
      The Heart and Vascular Center of Sarasota
      The Imaging Center
      The Johnson Center for Pelvic Health
      The Medical Foundation, My Lab Results Portal
      Thompson Family Chiropractic
      Trego County Hospital
      Union Square Dermatology
      Volunteers in Medicine
      Wells Chiropractic Clinic
      Wichita County Health Center
      William Klope MD
      Wyoming Total Health Record Patient Portal
      Yovanni Tineo M.D.
      Zack Hall M.D.
      back to top
    18. How many individuals were affected by this incident?
      Approximately 3.9 million individuals associated with Medical Informatics Engineering and NoMoreClipboard were affected by this incident.
      back to top
    19. Need more information?
      If you have questions about this incident that are not answered here, you may contact our dedicated call center at (866) 328-1987, Monday through Friday, 9:00 a.m. to 9:00 p.m. Eastern Time, except for holidays.
      back to top
    © 2017 Medical Informatics Engineering. | All Rights Reserved