UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF …...pocket costs for credit freezes, credit reports, and other protective measures to detect or deter identity theft. 10. Defendant

1

UNITED STATES DISTRICT COURT

NORTHERN DISTRICT OF INDIANA

FORT WAYNE DIVISION

_______________________________________

)

FLOYD HARRIS, on behalf of ) Class Action Complaint

himself and all others similarly situated, )

) Demand for Jury Trial

Plaintiff, )

)

vs. ) No. 1:15-cv-225

)

MEDICAL INFORMATICS )

ENGINEERING, INC., )

)

Defendant. )

_______________________________________)

CLASS ACTION COMPLAINT

Plaintiff Floyd Harris (“Plaintiff”), on behalf of himself and all others similarly situated,

alleges as follows:

NATURE OF THE CASE

1. This is a data breach class action on behalf of 3.9 million patients whose sensitive

personal information including Social Security numbers and medical histories was stolen from

Defendant Medical Informatics Engineering, Inc. (“Defendant”) in a cyber-attack.

2. Defendant failed to adequately safeguard class members’ personal information.

Lack of proper safeguards provided a means for unauthorized intruders to enter into Defendant’s

computer network and steal class members’ personal information.

3. According to Defendant’s public announcement of the breach, the compromised

data included “name, telephone number, mailing address, username, hashed password, security

question and answer, spousal information (name and potentially date of birth), email address,

USDC IN/ND case 1:15-cv-00225-RLM-SLC document 1 filed 08/20/15 page 1 of 18

2

date of birth, Social Security number, lab results, health insurance policy information, diagnosis,

disability code, doctor’s name, medical conditions, and child’s name and birth statistics.”1

4. Armed with this highly sensitive information, computer hackers can open new

financial accounts in victims’ names, obtain medical services using victims’ identities, and

commit other forms of identity theft.

5. Defendant’s business includes entering into contracts with hospitals and health

care facilities to provide electronic storage and administration of patient medical records.

6. On May 7, 2015, unauthorized third parties entered into Defendant’s computer

network.

7. On May 26, 2015, nineteen days after the initial intrusion, Defendant discovered

suspicious activity on one of its servers.

8. On June 10, 2015, Defendant publicly announced the breach.

9. As a result of the breach, Plaintiff and class members have been exposed to a

heightened and imminent risk of fraud and identity theft. Plaintiff and class members must now

closely monitor their financial accounts and medical information to guard against identity theft,

and spend time and money addressing any identity theft. Class members may also incur out of

pocket costs for credit freezes, credit reports, and other protective measures to detect or deter

identity theft.

10. Defendant has been unjustly enriched in connection with its wrongdoing.

Defendant received fees from hospitals and health care facilities to electronically administer

class members’ personal and medical information. Part of those fees was intended to fund

adequate data security. Defendant failed to provide adequate security. Defendant received an

unjust monetary benefit given its failure to provide adequate safeguards over Class members’

1 https://www.mieweb.com/notice/faqs (last visited Aug. 18, 2015).


3

sensitive information.

11. Plaintiff seeks to remedy these harms on behalf of himself and all similarly-

situated individuals whose personal and medical information was accessed during the breach.

12. Plaintiff seeks remedies including improved data security, continued credit

monitoring services, reimbursement of out-of-pocket losses, and disgorgement of Defendant’s

unjustly retained fees.

PARTIES

13. Plaintiff Floyd Harris is domiciled in and a citizen of Michigan. He received a

letter from Defendant dated July 17, 2015 stating that his “personal and protected health

information” was compromised in the data breach. The letter stated that his Social Security

number, address, phone number, email address, birth date, username, password, and security

question was compromised. The letter implied that Defendant obtained Plaintiff’s personal and

medical information in connection with services Plaintiff received at a local hospital. The

hospital is a client of Defendant that entrusted Defendant with Plaintiff’s personal and medical

information.

14. Plaintiff would not have allowed Defendant to obtain his sensitive information

had he been aware that Defendant lacked adequate data security safeguards.

15. Defendant Medical Informatics Engineering, Inc. is a citizen of Indiana.

Defendant is incorporated in Indiana and has its principal place of business at 6302 Constitution

Drive, Fort Wayne, IN 46804.

16. Defendant provides electronic medical records services to hospitals, health care

providers, and patients.


4

JURISDICTION & VENUE

17. This Court has diversity jurisdiction under the Class Action Fairness Act, 28

U.S.C. § 1332(d), because this is a class action involving more than 100 class members, the

amount in controversy exceeds $5,000,000 exclusive of interest and costs, and many members of

the class are citizens of states different from Defendant.

18. Venue is proper in this Court pursuant to 28 U.S.C. § 1391 because Defendant is

headquartered here and regularly transacts business here, and some of the class members reside

in this District. The causes of action also arose, in part, in this District.

FACTS

19. Defendant’s core business is to provide the electronic sharing of information

throughout a “healthcare community that includes hospitals, physicians, laboratories and

diagnostic testing facilities and – of course – patients.”2

20. Defendant’s data sharing systems are “100 percent web based and can be accessed

via any web-enabled device, from office desktop computers, to laptops or tablets, to mobile

phones.”3

21. Defendant sells its services to hospitals and health care facilities.

22. Defendant operates a subsidiary, NoMoreClipboard, which provides electronic

data storage services directly to patients free of charge.4 The NoMoreClipboard website states:

A NoMoreClipboard personal health record (PHR) is the better way to manage

your medical information: all in one place, online. No matter what systems your

doctors use, you can create, update, organize, store and access your

2 http://www.mieweb.com/company/about (last visited Aug. 18, 2015).

3 http://www.mieweb.com/company/about (last visited Aug. 18, 2015).

4 https://www.nomoreclipboard.com/patients/faqs (last visited Aug. 18, 2015).


5

NoMoreClipboard records any time, using any computer, tablet or smartphone.5

According to the NoMoreClipboard website, a patient’s electronic health record may contain,

among other things, “lab results, medication lists, immunization records, patient visit summaries,

radiology, and other diagnostic reports.”6

I. Defendant’s Data Breach

23. Defendant posted the following notice on its website:

Fort Wayne, Indiana, July 23, 2015 – Medical Informatics Engineering is

providing an update to our June 10, 2015 notice of a data security compromise

that has affected the security of some personal and protected health information

relating to certain clients and individuals who have used a Medical Informatics

Engineering electronic health record. We emphasize that the patients of only

certain clients of Medical Informatics Engineering were affected by this

compromise and those clients have all been notified.

On May 26, 2015, we discovered suspicious activity in one of our servers. We

immediately began an investigation to identify and remediate any identified

security vulnerability. Our first priority was to safeguard the security of personal

and protected health information, and we have been working with a team of third-

party experts to investigate the attack and enhance data security and protection.

This investigation is ongoing. . . . The investigation indicates this is a

sophisticated cyber attack. Our forensic investigation indicates the unauthorized

access to our network began on May 7, 2015. Our monitoring systems helped

us detect this unauthorized access, and we were able to shut down the attackers as

they attempted to access client data.

We are continuing to take steps to remediate and enhance the security of our

systems. Remedial efforts include removing the capabilities used by the intruder

to gain unauthorized access to the affected systems, enhancing and strengthening

password rules and storage mechanisms, increased active monitoring of the

affected systems, and intelligence exchange with law enforcement. We have also

instituted a universal password reset.

Information compromised

While investigations into this incident are ongoing, we determined the security of

some personal and protected health information contained on Medical Informatics

Engineering’s network has been affected. The affected data relating to

individuals affiliated with affected Medical Informatics Engineering clients may

5 https://www.nomoreclipboard.com/patients/ (last visited Aug. 18, 2015).

6 https://www.nomoreclipboard.com/patients/about (last visited Aug. 18, 2015).


6

include an individual’s name, telephone number, mailing address, username,

hashed password, security question and answer, spousal information (name

and potentially date of birth), email address, date of birth, Social Security

number, lab results, health insurance policy information, diagnosis, disability

code, doctor's name, medical conditions, and child’s name and birth

statistics.

Notification

On June 2, 2015, we began contacting and mailing notice letters disclosing this

incident to affected Medical Informatics Engineering clients.

On July 17, 2015, we began mailing notice letters to affected individuals for

whom we have a valid postal address through U.S. mail, and we expect those

letters to be mailed on or before July 25, 2015. Information contained in the

notice letter is available at www.mieweb.com. We have also disclosed this

incident to certain state and federal regulators and to the consumer reporting

agencies.

Identity protection services

As the investigations continue, and out of an abundance of caution, we are

offering affected individuals access to two years of credit monitoring and

identity protection services at no cost.7

24. Defendant provided a list of its clients that were affected by the breach.8 There

were 11 healthcare providers and 44 radiology centers affected by the breach. The personal and

medical information of those clients’ patients was compromised during the breach.

25. The breach also extended to Defendant’s NoMoreClipboard subsidiary.9

26. Defendant recommended that breach victims place a security freeze on their credit

report.10

Defendant acknowledged that credit reporting agencies may impose fees for credit

7 https://www.mieweb.com/notice/ (last visited Aug. 18, 2015) (emphasis added).

8 Id.

9 https://www.nomoreclipboard.com/notice (last visited Aug. 18, 2015).

10

https://www.mieweb.com/notice/ (last visited Aug. 18, 2015).


7

freezes in certain states.11

Such fees constitute out-of-pocket costs to Class members.

27. The Indiana Attorney General (“AG”) is investigating the breach. The AG

recommended that affected individuals sign up for a “credit freeze” on their credit report, and

that they review and monitor their credit report.12

28. Credit reporting agencies offer consumers one free credit report per year.

Individuals who request more than one credit report per year must pay a fee for the additional

report. Such fees constitute out-of-pocket costs to Class members.

29. The breach affected 3.9 million individuals.13

30. There was a 19 day lag between the date of the intrusion and the date Defendant

discovered suspicious activity on its servers. This lengthy lag is indicative of weak data

monitoring procedures.

II. Defendant’s Privacy Policy

31. Defendant posted its privacy policy on its website. The privacy policy stated in

relevant part: “[P]rotecting your privacy is of the utmost importance. Information furnished by

you to us will be treated with the greatest respect.”14

32. Defendant’s subsidiary NoMoreClipboard posted its privacy policy on its website.

That privacy policy stated in relevant part:

[L]aws have been enacted to honor the privileged nature of information

exchanged between patients and their doctors. HIPAA, the guiding rule of law on

patient privacy, asserts that safeguards must be in place for ‘protected health

11

https://www.mieweb.com/notice/ (last visited Aug. 18, 2015).

12

http://www.in.gov/activecalendar/EventList.aspx?view=EventDetails&eventidn=222333&

information_id=217385 (last visited Aug. 18, 2015).

13

https://www.mieweb.com/notice/faqs (last visited Aug. 18, 2015). 14

http://www.mieweb.com/privacy (last visited Aug. 18, 2015).


8

information’, defined by that same law as ‘individually identifiable information.’ .

. .

. . . .

NoMoreClipboard.com was designed to support the privacy and security

requirements of HIPAA while enabling you to use the service from any computer

with Internet access. . . . As it pertains to NoMoreClipboard.com, our

responsibilities are to make the information you provide on our site available to

you, and to administer the system to ensure that your privacy and security are

protected.15

33. NoMoreClipboard provided additional information about its privacy practices as

follows:

Is NoMoreClipboard information confidential and secure?

Yes. The NoMoreClipboard site uses the same type of Secure Socket Layer (SSL)

account security used by financial institutions and major retailers. Further, the

site’s security is approved by VeriSign™, the leading certificate authority on the

internet. Your information resides at our US-based corporate data center, stored

behind a firewall that protects your records from unauthorized users. . . .

NoMoreClipboard will never share any of your personal information, including

your email address, without your express permission.

. . . .

Does NoMoreClipboard follow appropriate privacy practices?

NoMoreClipboard works diligently to keep your health information private, safe

and secure. . . . 16

34. The implication from these privacy policies is that Defendant will adequately

safeguard Class members’ data, and that Defendant is unaware of material data security

vulnerabilities.

III. Identity Theft Consequences

35. According to the U.S. Secret Service, identity thieves can use Social Security

15

https://www.nomoreclipboard.com/privacy/full-policy (last visited Aug. 18, 2015).

16

https://www.nomoreclipboard.com/patients/faqs (last visited Aug. 18, 2015).


9

numbers and related information to perpetrate a variety of crimes including, e.g., opening new

financial accounts in another person’s name; taking out loans in another person’s name; opening

utility accounts; obtaining medical services using the victim’s information; using the victim’s

information to obtain government benefits; filing a fraudulent tax return using the victim’s

information to obtain a tax refund; obtaining a driver’s license or identification card in the

victim’s name but with another person’s picture; or giving false information to police during an

arrest.17

36. Health care companies like Defendant have an obligation to maintain the security

of patients’ personal and financial information. The New York Times has reported that the

“threat of a hacking is particularly acute in the health care and financial services industry, where

companies routinely keep the most sensitive personal information about their customers on large

databases.”18

37. Indeed, on April 8, 2014, the FBI’s Cyber Division publicly issued an Industry

Notification titled “Health Care Systems and Medical Devices at Risk for Increased Cyber

Intrusions for Financial Gain.” The notification cautioned that “[c]yber actors will likely

increase cyber intrusions against health care systems . . . due to . . . lax cybersecurity standards,

and a higher financial payout for medical records in the black market.”19

CLASS ACTION ALLEGATIONS

38. Plaintiff brings all claims as class claims under Federal Rule of Civil Procedure

23. The requirements of Federal Rule of Civil Procedure 23(a), 23(b)(2), and 23(b)(3) are met

17

www.secretservice.gov/press/Take_Charge.pdf (last visited Aug. 10, 2015).

18

http://www.nytimes.com/2015/02/05/business/hackers-breached-data-of-millions-insurer-says.html

(last visited Aug. 10, 2015).

19

https://info.publicintelligence.net/FBI-HealthCareCyberIntrusions.pdf (last visited Aug. 10, 2015).


10

with respect to the Class.

39. The proposed class (“Class”) is defined as follows:

All persons in the United States whose personal information was accessed by

unauthorized individuals in the Medical Informatics Engineering, Inc. data

breach.

40. Excluded from the Class are Defendant and its current or former employees.

41. The Class is so numerous that joinder of all members is impracticable. The Class

includes approximately 3.9 million individuals whose personal information was compromised by

the data breach.

42. There are various questions of law and fact common to Plaintiffs and the class,

including but not limited to the following:

whether Defendant engaged in the wrongful conduct alleged herein;

whether Defendant owed a duty to Plaintiff and class members to adequately

protect their personal information;

whether Defendant breached its duties to protect the personal information of

Plaintiff and class members by failing to provide adequate data security;

whether Defendant knew or should have known that its data security systems

were vulnerable to attack;

whether Plaintiff and class members suffered legally cognizable damages as a

result of Defendant’s conduct; and

whether Plaintiff and class members are entitled to equitable relief, including

injunctive relief, restitution, or disgorgement.

43. Plaintiff’s claims are typical of the claims of the Class in that Plaintiff, like all

Class members, had his personal information compromised in the data breach.


11

44. Plaintiff will fairly and adequately protect the interests of the Class. Plaintiff has

retained counsel experienced in class action and complex litigation, including data breach

litigation.

45. Plaintiff has no interests that are adverse to, or in conflict with, the Class.

46. Questions of law and fact common to the Class predominate over any questions

which may affect only individual Class members.

47. A class action is superior to other available methods for the fair and efficient

adjudication of the controversy. Class treatment of common questions of law and fact is superior

to multiple individual actions or piecemeal litigation.

48. Absent a class action, most Class members would likely find the cost of litigating

their claims prohibitively high and would therefore have no effective remedy.

49. The prosecution of separate actions by individual Class members would create a

risk of inconsistent or varying adjudications with respect to individual Class members, which

would establish incompatible standards of conduct for Defendant. In contrast, the conduct of this

action as a class action presents far fewer management difficulties, conserves judicial resources

and the parties’ resources, and protects the rights of each Class member.

50. Defendant has acted on grounds that apply generally to the Class, so that

injunctive relief is appropriate with respect to the class as a whole under Fed. R. Civ. P. 23(b)(2).

COUNT I – NEGLIGENCE

51. Plaintiff incorporates by reference those paragraphs set out above as if fully set

forth herein.

52. Defendant owed a duty to Plaintiff and Class members to exercise reasonable care

in obtaining, retaining, and safeguarding their personal and medical information. This duty


12

included, among other things, designing, maintaining, monitoring, and testing Defendant’s

security systems to ensure that Class members’ personal and medical information was adequately

secured. Defendant owed a duty to Class members to implement intrusion detection processes

that would detect a data breach in a timely manner. Defendant also had a duty to delete any

personal information that was no longer needed to serve client needs.

53. Defendant’s privacy policy acknowledged Defendant’s duty to adequately protect

Class members’ personal and medical information.

54. Defendant owed a duty to safeguard Class members’ personal and financial

information as set forth in HIPPA, e.g., 45 C.F.R. §§ 164.306(a), 308(a), 312(a) & (d); 45 C.F.R.

§ 164.530(c).

55. Defendant owed a duty to provide Class members with timely notice that their

personal and financial information had been accessed by unauthorized individuals.

56. Defendant owed a duty to disclose the material fact that Defendant’s data security

practices were inadequate to safeguard Class members’ personal information.

57. Defendant breached its duties by, among other things: (a) failing to maintain

adequate data security practices to safeguard Class members’ personal and medical information;

(b) failing to detect the data breach in a timely manner; and (c) failing to disclose that

Defendant’s data security practices were inadequate to safeguard Class members’ personal and

medical information.

58. But for Defendant’s breach of duties, Class members’ personal and medical

information would not have been accessed by unauthorized individuals.

59. Plaintiff and Class members were foreseeable victims of Defendant’s inadequate

security practices. Defendant knew or should have known that a breach of its systems would


13

cause damages to Class members.

60. Plaintiff and the Class suffered damages as set forth in paragraph 9 above.

61. The damages to Plaintiff and the Class were caused by, and a proximate result of,

Defendant’s breach of its duties.

COUNT II - BREACH OF IMPLIED CONTRACT


forth herein.

63. When Class members provided their personal and medical information to

Defendant, or allowed hospitals and health care providers to provide Class members’ personal

and medical information to Defendant, Class members entered into implied contracts with

Defendant. Pursuant to those implied contracts, Defendant agreed to take reasonable measures

to safeguard and protect Class members’ sensitive information.

64. Plaintiff and Class members would not have entrusted their personal and medical

information to Defendant in the absence of Defendant’s implied promise to adequately safeguard

the data.

65. Defendant breached the implied contracts by failing to provide reasonable data

security measures to safeguard the sensitive information.

66. The damages sustained by Plaintiff and Class members described in paragraph 9

above were the direct and proximate result of Defendant’s breaches of its implied contracts.

COUNT III - BREACH OF EXPRESS CONTRACT


forth herein.

68. Defendant entered into express contracts with those Class members who signed


14

up with Defendant through Defendant’s NoMoreClipboard subsidiary.

69. Moreover, Plaintiff and Class members are intended third party beneficiaries of

Defendant’s contracts with hospitals and health care facilities.

70. Also, Defendant has a contractual obligation to maintain the security of Class

members’ personal and medical information as noted in Defendant’s privacy policy.

71. When Class members provided their personal and medical information to

Defendant, Class members entered into contracts with Defendant pursuant to which Defendant

agreed to take reasonable measures to safeguard and protect such information.

72. Similarly, when hospitals and medical facilities provided Class members’

personal and medical information to Defendant, Class members were the intended third party

beneficiaries of Defendant’s duty to safeguard the data.

73. Plaintiff and Class members would not have entrusted their personal and medical

information to Defendant, directly or indirectly, in the absence of Defendant’s promise to

adequately safeguard the data.

74. Defendant breached the contracts it entered into by failing to provide reasonable

data security measures.

75. The damages sustained by Plaintiff and Class members described in paragraph 9

above were the direct and proximate result of Defendant’s breaches of its contracts.

COUNT IV – VIOLATION OF THE

INDIANA DECEPTIVE CONSUMER SALES ACT


forth herein.

77. Defendant’s conduct in failing to adequately safeguard Class members’ personal

and medical information violated Ind. Code § 24-5-0.5-3(a).


15

78. Defendant represented that it would adequately protect Class members’

information, but Defendant failed to do so. Defendant failed to maintain adequate data security

practices, failed to detect the data intrusion in a timely manner, and failed to disclose the fact that

its data security systems were inadequate to prevent a data intrusion.

79. Plaintiff and Class members relied on Defendant’s misrepresentations and

omissions.

80. Defendant’s deceptive acts and omissions were conducted as part of a scheme,

artifice, or device with intent to defraud or mislead. Defendant’s conduct constitutes an

incurable deceptive act under Ind. Code § 24-5-.05-4(a) and §24-5-0.5-2(a)(8).

81. Plaintiff and Class members are entitled to the greater of actual damages or $500

in statutory damages under Ind. Code § 24-5-0.5-4(a).

82. With respect to Defendant’s willful deceptive acts, Plaintiff and Class members

are entitled to the greater of three times the actual damages or $1,000 in statutory damages under

Ind. Code § 24-5-0.5-4(a).

83. Plaintiff and Class members are also entitled to reasonable attorney fees under

Ind. Code § 24-5-0.5-4(a).

COUNT V – UNJUST ENRICHMENT


forth herein.

85. Defendant received monetary benefits in the form of fees paid by hospitals and

health care providers to provide electronic storage and administration of Class members’

sensitive information.

86. Monies paid to Defendant were intended to be used by Defendant, in part, to fund


16

reasonable data security.

87. Defendant failed to provide reasonable data security. As a result, Defendant was

unjustly enriched.

88. Under principles of equity, Defendant should not be permitted to retain a portion

of the money it received.

89. Defendant wrongfully accepted and retained monetary benefits to the detriment of

Plaintiff and Class members.

90. As a result of Defendant’s wrongful conduct, Plaintiff and the Class are entitled to

restitution and disgorgement of a portion of the fees received by Defendant.

RELIEF REQUESTED

Plaintiff, on behalf of himself and all others similarly situated, requests that the Court

enter judgment against Defendant as follows:

1. An award to Plaintiff and the Class of compensatory, consequential, incidental,

and statutory damages;

2. An award of further credit monitoring and identity theft protection services

beyond the two years Defendant is currently offering;

3. Injunctive relief requiring Defendant to strengthen its data security systems and

submit to future periodic audits;

4. An award of attorneys’ fees, costs, and expenses, as provided by law or equity;

5. An award of pre-judgment and post-judgment interest, as provided by law or

equity; and

6. Such other or further relief as the Court may allow.


17

DEMAND FOR JURY TRIAL

Plaintiff demands a trial by jury of all issues in this action so triable of right.


18

Dated: August 20, 2015 Respectfully submitted,

s/ Irwin B. Levin

COHEN & MALAD, LLP

Irwin B. Levin, No. 8786-49

Richard E. Shevitz, No. 12007-49

Vess A. Miller, No. 26495-53

Lynn A. Toops, No. 26386-49A

One Indiana Square, Suite 1400

Indianapolis, IN 46204

Telephone: (317) 636-6481

Fax: (317) 636-2593

[email protected]

[email protected]

[email protected]

[email protected]

BERGER & MONTAGUE, P.C.

Sherrie Savett

Shanon Carson

Jon Lambiras

1622 Locust St.

Philadelphia, PA 19103

Telephone: (215) 875-3000

Fax: (215) 875-4604

[email protected]

[email protected]

[email protected]

Counsel for Plaintiff and the Proposed Class


JS 44 (Rev. 12/12) CIVIL COVER SHEETThe JS 44 civil cover sheet and the information contained herein neither replace nor supplement the filing and service of pleadings or other papers as required by law, except asprovided by local rules of court. This form, approved by the Judicial Conference of the United States in September 1974, is required for the use of the Clerk of Court for thepurpose of initiating the civil docket sheet. (SEE INSTRUCTIONS ON NEXT PAGE OF THIS FORM.)

I. (a) PLAINTIFFS DEFENDANTS

(b) County of Residence of First Listed Plaintiff County of Residence of First Listed Defendant(EXCEPT IN U.S. PLAINTIFF CASES) (IN U.S. PLAINTIFF CASES ONLY)

NOTE: IN LAND CONDEMNATION CASES, USE THE LOCATION OF THE TRACT OF LAND INVOLVED.

(c) Attorneys (Firm Name, Address, and Telephone Number) Attorneys (If Known)

II. BASIS OF JURISDICTION (Place an “X” in One Box Only) III. CITIZENSHIP OF PRINCIPAL PARTIES (Place an “X” in One Box for Plaintiff(For Diversity Cases Only) and One Box for Defendant)

’ 1 U.S. Government ’ 3 Federal Question PTF DEF PTF DEFPlaintiff (U.S. Government Not a Party) Citizen of This State ’ 1 ’ 1 Incorporated or Principal Place ’ 4 ’ 4

of Business In This State

’ 2 U.S. Government ’ 4 Diversity Citizen of Another State ’ 2 ’ 2 Incorporated and Principal Place ’ 5 ’ 5Defendant (Indicate Citizenship of Parties in Item III) of Business In Another State

Citizen or Subject of a ’ 3 ’ 3 Foreign Nation ’ 6 ’ 6 Foreign Country

IV. NATURE OF SUIT (Place an “X” in One Box Only)CONTRACT TORTS FORFEITURE/PENALTY BANKRUPTCY OTHER STATUTES

’ 110 Insurance PERSONAL INJURY PERSONAL INJURY ’ 625 Drug Related Seizure ’ 422 Appeal 28 USC 158 ’ 375 False Claims Act’ 120 Marine ’ 310 Airplane ’ 365 Personal Injury - of Property 21 USC 881 ’ 423 Withdrawal ’ 400 State Reapportionment’ 130 Miller Act ’ 315 Airplane Product Product Liability ’ 690 Other 28 USC 157 ’ 410 Antitrust’ 140 Negotiable Instrument Liability ’ 367 Health Care/ ’ 430 Banks and Banking’ 150 Recovery of Overpayment ’ 320 Assault, Libel & Pharmaceutical PROPERTY RIGHTS ’ 450 Commerce

& Enforcement of Judgment Slander Personal Injury ’ 820 Copyrights ’ 460 Deportation’ 151 Medicare Act ’ 330 Federal Employers’ Product Liability ’ 830 Patent ’ 470 Racketeer Influenced and’ 152 Recovery of Defaulted Liability ’ 368 Asbestos Personal ’ 840 Trademark Corrupt Organizations

Student Loans ’ 340 Marine Injury Product ’ 480 Consumer Credit (Excludes Veterans) ’ 345 Marine Product Liability LABOR SOCIAL SECURITY ’ 490 Cable/Sat TV

’ 153 Recovery of Overpayment Liability PERSONAL PROPERTY ’ 710 Fair Labor Standards ’ 861 HIA (1395ff) ’ 850 Securities/Commodities/ of Veteran’s Benefits ’ 350 Motor Vehicle ’ 370 Other Fraud Act ’ 862 Black Lung (923) Exchange

’ 160 Stockholders’ Suits ’ 355 Motor Vehicle ’ 371 Truth in Lending ’ 720 Labor/Management ’ 863 DIWC/DIWW (405(g)) ’ 890 Other Statutory Actions’ 190 Other Contract Product Liability ’ 380 Other Personal Relations ’ 864 SSID Title XVI ’ 891 Agricultural Acts’ 195 Contract Product Liability ’ 360 Other Personal Property Damage ’ 740 Railway Labor Act ’ 865 RSI (405(g)) ’ 893 Environmental Matters’ 196 Franchise Injury ’ 385 Property Damage ’ 751 Family and Medical ’ 895 Freedom of Information

’ 362 Personal Injury - Product Liability Leave Act Act Medical Malpractice ’ 790 Other Labor Litigation ’ 896 Arbitration

REAL PROPERTY CIVIL RIGHTS PRISONER PETITIONS ’ 791 Employee Retirement FEDERAL TAX SUITS ’ 899 Administrative Procedure’ 210 Land Condemnation ’ 440 Other Civil Rights Habeas Corpus: Income Security Act ’ 870 Taxes (U.S. Plaintiff Act/Review or Appeal of ’ 220 Foreclosure ’ 441 Voting ’ 463 Alien Detainee or Defendant) Agency Decision’ 230 Rent Lease & Ejectment ’ 442 Employment ’ 510 Motions to Vacate ’ 871 IRS—Third Party ’ 950 Constitutionality of’ 240 Torts to Land ’ 443 Housing/ Sentence 26 USC 7609 State Statutes’ 245 Tort Product Liability Accommodations ’ 530 General’ 290 All Other Real Property ’ 445 Amer. w/Disabilities - ’ 535 Death Penalty IMMIGRATION

Employment Other: ’ 462 Naturalization Application’ 446 Amer. w/Disabilities - ’ 540 Mandamus & Other ’ 465 Other Immigration

Other ’ 550 Civil Rights Actions’ 448 Education ’ 555 Prison Condition

’ 560 Civil Detainee - Conditions of Confinement

V. ORIGIN (Place an “X” in One Box Only)

’ 1 OriginalProceeding

’ 2 Removed fromState Court

’ 3 Remanded fromAppellate Court

’ 4 Reinstated orReopened

’ 5 Transferred fromAnother District(specify)

’ 6 MultidistrictLitigation

VI. CAUSE OF ACTION

Cite the U.S. Civil Statute under which you are filing (Do not cite jurisdictional statutes unless diversity): Brief description of cause:

VII. REQUESTED IN COMPLAINT:

’ CHECK IF THIS IS A CLASS ACTIONUNDER RULE 23, F.R.Cv.P.

DEMAND $ CHECK YES only if demanded in complaint:JURY DEMAND: ’ Yes ’ No

VIII. RELATED CASE(S) IF ANY (See instructions):

JUDGE DOCKET NUMBERDATE SIGNATURE OF ATTORNEY OF RECORD

FOR OFFICE USE ONLY

RECEIPT # AMOUNT APPLYING IFP JUDGE MAG. JUDGE

USDC IN/ND case 1:15-cv-00225-RLM-SLC document 1-1 filed 08/20/15 page 1 of 2

JS 44 Reverse (Rev. 12/12)

INSTRUCTIONS FOR ATTORNEYS COMPLETING CIVIL COVER SHEET FORM JS 44

Authority For Civil Cover Sheet

The JS 44 civil cover sheet and the information contained herein neither replaces nor supplements the filings and service of pleading or other papers asrequired by law, except as provided by local rules of court. This form, approved by the Judicial Conference of the United States in September 1974, isrequired for the use of the Clerk of Court for the purpose of initiating the civil docket sheet. Consequently, a civil cover sheet is submitted to the Clerk ofCourt for each civil complaint filed. The attorney filing a case should complete the form as follows:

I.(a) Plaintiffs-Defendants. Enter names (last, first, middle initial) of plaintiff and defendant. If the plaintiff or defendant is a government agency, use only the full name or standard abbreviations. If the plaintiff or defendant is an official within a government agency, identify first the agency and then the official, giving both name and title.

(b) County of Residence. For each civil case filed, except U.S. plaintiff cases, enter the name of the county where the first listed plaintiff resides at the time of filing. In U.S. plaintiff cases, enter the name of the county in which the first listed defendant resides at the time of filing. (NOTE: In land condemnation cases, the county of residence of the "defendant" is the location of the tract of land involved.)

(c) Attorneys. Enter the firm name, address, telephone number, and attorney of record. If there are several attorneys, list them on an attachment, notingin this section "(see attachment)".

II. Jurisdiction. The basis of jurisdiction is set forth under Rule 8(a), F.R.Cv.P., which requires that jurisdictions be shown in pleadings. Place an "X" in one of the boxes. If there is more than one basis of jurisdiction, precedence is given in the order shown below.United States plaintiff. (1) Jurisdiction based on 28 U.S.C. 1345 and 1348. Suits by agencies and officers of the United States are included here.United States defendant. (2) When the plaintiff is suing the United States, its officers or agencies, place an "X" in this box.Federal question. (3) This refers to suits under 28 U.S.C. 1331, where jurisdiction arises under the Constitution of the United States, an amendment to the Constitution, an act of Congress or a treaty of the United States. In cases where the U.S. is a party, the U.S. plaintiff or defendant code takes precedence, and box 1 or 2 should be marked.Diversity of citizenship. (4) This refers to suits under 28 U.S.C. 1332, where parties are citizens of different states. When Box 4 is checked, the citizenship of the different parties must be checked. (See Section III below; NOTE: federal question actions take precedence over diversity cases.)

III. Residence (citizenship) of Principal Parties. This section of the JS 44 is to be completed if diversity of citizenship was indicated above. Mark thissection for each principal party.

IV. Nature of Suit. Place an "X" in the appropriate box. If the nature of suit cannot be determined, be sure the cause of action, in Section VI below, is sufficient to enable the deputy clerk or the statistical clerk(s) in the Administrative Office to determine the nature of suit. If the cause fits more than one nature of suit, select the most definitive.

V. Origin. Place an "X" in one of the six boxes.Original Proceedings. (1) Cases which originate in the United States district courts.Removed from State Court. (2) Proceedings initiated in state courts may be removed to the district courts under Title 28 U.S.C., Section 1441. When the petition for removal is granted, check this box.Remanded from Appellate Court. (3) Check this box for cases remanded to the district court for further action. Use the date of remand as the filing date.Reinstated or Reopened. (4) Check this box for cases reinstated or reopened in the district court. Use the reopening date as the filing date.Transferred from Another District. (5) For cases transferred under Title 28 U.S.C. Section 1404(a). Do not use this for within district transfers or multidistrict litigation transfers.Multidistrict Litigation. (6) Check this box when a multidistrict case is transferred into the district under authority of Title 28 U.S.C. Section 1407. When this box is checked, do not check (5) above.

VI. Cause of Action. Report the civil statute directly related to the cause of action and give a brief description of the cause. Do not cite jurisdictional statutes unless diversity. Example: U.S. Civil Statute: 47 USC 553 Brief Description: Unauthorized reception of cable service

VII. Requested in Complaint. Class Action. Place an "X" in this box if you are filing a class action under Rule 23, F.R.Cv.P.Demand. In this space enter the actual dollar amount being demanded or indicate other demand, such as a preliminary injunction.Jury Demand. Check the appropriate box to indicate whether or not a jury is being demanded.

VIII. Related Cases. This section of the JS 44 is used to reference related pending cases, if any. If there are related pending cases, insert the docket numbers and the corresponding judge names for such cases.

Date and Attorney Signature. Date and sign the civil cover sheet.


United States District Court FOR THE NORTHERN DISTRICT OF INDIANA

Fort Wayne Division

Floyd Harris, on behalf of himself and all )

others similarly situated, )

)

Plaintiff, )

)

vs. ) Cause No: 1:15-cv-00225

)

Medical Informatics Engineering, Inc., )

)

Defendant. )

SUMMONS IN A CIVIL ACTION

TO: (Defendants’ names and addresses)

Medical Informatics Engineering, Inc.

c/o Douglas Horner, Registered Agent

6302 Constitution Drive

Fort Wayne, IN 46804

A lawsuit has been filed against you. Within 21 days after service of this summons on you (not counting

the day you received it) C or 60 days if you are the United States or a United States agency, or an officer or

employee of the United States described in Fed. R. Civ. P. 12 (a)(2) or (3) C you must serve on the plaintiff an

answer to the attached complaint or a motion under Rule 12 of the Federal Rules of Civil Procedure. The answer

or motion must be served on the plaintiff or plaintiff=s attorney, whose name and address are:

Irwin B. Levin

Richard E. Shevitz

Vess A. Miller

Lynn A. Toops

COHEN & MALAD LLP

One Indiana Square, Suite 1400

Indianapolis, IN 46204

If you fail to respond, judgment by default will be entered against you for the relief demanded in the

complaint. You also must file your answer or motion with the court.

CLERK OF COURT

Date: _______________________________________

Signature of Clerk or Deputy Clerk


Civil Summons (Page 2)

Civil Action Number: __________________________

PROOF OF SERVICE (this section should not be filed with the court unless required by Fed. R. Civ. P. 4(l))

This summons for (name of individual and title, if any) ______________________________________

was received by me on (date)__________________.

I personally served the summons on the individual at (place) __________________________________

________________________________________________ on (date) __________________; or

I left the summons at the individual’s residence or usual place of abode with (name)________________

_____________________________________, a person of suitable age and discretion who resides there,

on (date) __________________, and mailed a copy to the individual’s last known address; or

I served the summons on (name of individual) ________________________________________, who is

designated by law to accept service of process on behalf of (name of organization) _________________

________________________________________on (date) __________________; or

I returned the summons unexecuted because _____________________________________________; or

Other (specify):

My fees are $ _____________for travel and $_______________for services, for a total of $_______________.

I declare under penalty of perjury that this information is true.

Date: ____________________ __________________________________________________

Server’s Signature

__________________________________________________

Printed name and title

__________________________________________________

Server’s address

Additional information regarding attempted service, etc.


Documents

UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF …...pocket costs for credit freezes, credit reports, and other protective measures to detect or deter identity theft. 10. Defendant