Indiana attorney general sues provider over violation of consumer protection privacy laws WVXU

pIndiana Attorney General Todd Rokita is suing a northwest Indiana medical office over a ransomware event that put personal and protected health information at risk The lawsuit alleges the provider was aware of security concerns before the data breachppThe lawsuit filed last week against CarePointe an ear nose throat sinus and hearing provider claims it was aware of security risks prior to a ransomware event in 2021 that exposed the information of about 45000 Indiana patientsppThe lawsuit said an IT vendor identified security concerns in a written HIPAA risk assessment in January that year That vendor was hired in March to address the issues but they werent fixed before the data breach in June The state and patients were notified of the data breach in AugustppAdditionally CarePointe did not execute a business associate agreement with the vendor until April meaning the IT vendor had access to patient information before they were considered a covered entity according to the HIPAA security ruleppThe suit includes two counts for violations of federal HIPAA law and two counts for violations of state data privacy and consumer protection lawsppThe office of the attorney general is suing for injunctive relief damages and attorney fees and costsppAbigail is our health reporter Contact them at aruhmanwboiorgp