An investigation is underway in the US state of Indiana to establish whether a recent data breach at Medical Informatics Engineering (MIE) and its subsidiary NoMoreClipboard was handled properly.

The Office of the Indiana Attorney General said that the data breach, which has affected approximately 1.5 million residents in the state and up to 3.9 million people across the US, is the most significant in Indiana this year.

It added that the investigation would also clarify whether both companies – which are responsible for delivering electronic medical record services to healthcare providers – had in place “appropriate safeguards” to protect customer data.

“We are faced with yet another massive data breach putting countless Hoosiers [Indiana residents] at risk of identity theft and fraud,” Indiana’s Attorney General Greg Zoeller said last month.

“People cannot sit back and assume they won’t become a victim of these crimes which are costly, time consuming to fix and can have a long-term impact on your financial stability and credit. Everyone in Indiana should have a credit freeze in place to protect themselves from becoming a victim of identity theft and fraud.”

The credit freeze outlined by Mr Zoeller ensures that any criminal attempting to take advantage of another individual’s personal information is unable to open up a credit card account or get a loan using stolen details.

MIE reported that it first “discovered suspicious activity” in one of its servers on 26th May, which was immediately reported to law enforcement.

Subsequent scrutiny into the incident revealed that there had been a serious data security compromise involving personal and medical records, with “unauthorized access” to its network first taking place on 7th May.

The affected data includes an individual's name, their telephone number, address, date of birth, social security number and information relating to their insurance policy.

MIE said that it has taken immediate action boost the security of its system, which includes strengthening password rules and increasing monitoring.

It has also offered individuals affected by the breach two years of free credit monitoring and identity protection.