By Hanley Chew and Tyler Newby (January 15, 2019, 12:34 PM EST) -- On Dec. 4, 2018, the attorneys general of 12 states — Arizona, Arkansas, Florida, Indiana, Iowa, Kansas, Kentucky, Louisiana, Minnesota, Nebraska, North Carolina and Wisconsin — filed a data breach lawsuit against Medical Informatics Engineering, an electronic health care records vendor, and its subsidiary in federal district court in Indiana. The lawsuit stemmed from a 2015 data breach where hackers accessed MIE's network and exfiltrated the personal and protected health information of 3.9 million individuals. The stolen information included names, telephone numbers, mailing addresses, usernames, hashed passwords, security questions and answers, spousal information, email addresses, birthdates, Social Security numbers, lab results, health insurance policy information, diagnoses, disability codes, physician names, medical conditions and children's names and birth statistics....