An estimated 1.5 million people in Indiana have been informed by Medical Informatics Engineering (MIE) that their information, including Social Security numbers and medical data, has been compromised by attackers.
MIE creates software for electronic medical records for healthcare providers. As a result, more than 11 healthcare providers were affected by the attack, including local companies and national outlets, as well as the federal government.
The company
said that hackers had access to the MIE servers for nearly three weeks, which means that the attackers were likely exfiltrating all of that personally identifiable information (PII) and selling it long before this information was made known to the public.
Cyber-criminals can of course use this information in many ways: Identity theft, or in crafting spear-phishing emails that may be sent to the victims of the breach. They would use the PII to make the email seem legitimate, thus leading to a malware infection.