Wednesday, January 19, 2011

Jail Time for Inappropriate Access to Personal Identifying Information (PII)

A Tulsa, Oklahoma hospital worker was sentenced by U.S. District Judge James Payne to three years and nine months in prison because she "exceeded her computer-access authority" to steal personal identifying information (PII) from hospital computer systems. Her co-worker was sentenced to five years of probation with the first six months on home detention. (a & c)

Over six months, the pair violated the privacy of 60 patients by using patient names, date of birth, and Social Security numbers to obtain credit cards and make purchases with them.
Law enforcement authorities made the hospital aware of "an investigation into allegations that a limited number of patient information sheets were wrongfully accessed by two former employees."- Spokeswoman for St. Francis Hospital (c)
Download the Veriphyr white paper on the challenges of detecting insider abuse and how Veriphyr meets security objectives for patient data privacy and user activity.
"an internal investigation was conducted in full cooperation with authorities. Later, federal investigators identified the 60 individuals whose information had been stolen. All of those people were contacted by the health system and as an additional safeguard, we provided identity theft monitoring and protection services for those affected."- Spokeswoman for St. Francis Hospital (c)
(a) Tulsa woman sentence nearly 4 years for credit-card fraud - Tulsa World, November 2010
(b) Federal Grand Jury Criminal Indictments Announced - April 7, 2010
(c) Hospital patient ID theft alleged - Tulsa World, April 2010

No comments:

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at