Friday, May 30, 2014

Health Department Insider Sentenced for ID Theft, Tax Fraud

An employee used her access to a health department database to steal patient information of 1,858 people, which was used by others to obtain fraudulent federal tax refunds.

A federal judge sentenced Salita St. Simon to two years in prison for the identity thefts and she was ordered to pay $19,000 in restitution.

"St. Simon stole identifying information of 1,858 people, which was used by others to obtain fraudulent federal tax refunds."
- US District Court, Southern District of Florida
It is unclear in this case who discovered the identity thefts. Rather than learn of identity thefts from law enforcement, healthcare organizations can utilize low-cost on-demand SaaS analytics services for proactive detection.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Former Palm Beach County Health Department employee sentenced in data theft for tax refund fraud scheme - www.PHIprivacy.net, 05/18/2014

Thursday, May 29, 2014

Insider Steals Patient Data

An Ohio hospital announced than an employee inappropriately accessed records of almost 600 patients that were not directly under the employee's care from April 1, 2013 to April 1, 2014.

This privacy breach of protected health information (PHI) included patients' full name, date of birth, diagnosis, attending physicians, and medications. It is not thought that patients' Social Security number or other financial information was breached.

"The information [inappropriately] accessed by the employee included each patient's full name, date of birth, diagnosis, attending physicians, and medications."
- NBC24 News
It is unclear why the privacy breaches occurred over an entire year. Healthcare organizations seeking to proactively detect inappropriate access, even by authorized users,can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Bay Park Hospital notifies patients of health information breach - www.NorthwestOhio.com, 05/28/2014

Wednesday, May 28, 2014

NY Hospital Worker Stole Patient Identities

An employee of a Long Island NY hospital has been charged with stealing the patients' identities

Latoya Talbert was allegedly involved in an identity theft ring that began in 2011. The district attorney claims Talbert used the stolen identities to open credit cards at department stores.

"This defendant took advantage of vulnerable hospital patients in a scheme to make thousands of dollars of purchases based on the good credit of others."
- Kathleen Rice, District Attorney, Nassau County, New York
It is unclear how these patient identity thefts were discovered but often law enforcement, not the healthcare organization, is the first to know. Organizations seeking proactive detection of identity thefts and data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Latoya Talbert charged with stealing IDs from hospital patients, DA says - www.Newsday.com, 05/24/2014

Tuesday, May 27, 2014

WSJ: Increasing UK Data Theft Not Being Reported

Almost half of all large UK organizations have lost or had confidential data stolen over the past year, but only 30% of breaches ever make it to the media, showing that the majority of companies do not report breaches that they’re aware of, according to a new survey.

The 2014 Information Security Breaches Survey, commissioned by the government's Department for Business Innovation and Skills, found that “70% of organisations keep their worst security incident under wraps. So what’s in the news is just the tip of the iceberg.”

"20% of the worst security breaches were caused by deliberate misuse of systems by staff." - Wall Street Journal
The survey also found that 20% of the worst breaches were caused by deliberate system misuse by insiders. Organization can proactively detect such insider breaches with low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) UK Firms Increasingly Hit by Data Theft, but Aren’t Reporting it - www.WSJ.com, 04/29/2014

Friday, May 23, 2014

Healthcare Worker Stole Patient IDs for Tax Fraud

A Pennsylvania man pleaded guilty today to stealing hospital patients’ personal identifying information (PII)as part of a tax fraud scheme that netted $1.7 million.

From 2010 to 2011, while working at a medical center, Reynaldo Estrada stole patient names, addresses, dates of birth and social security numbers. He sold the information to a tax fraud ring.

"Between October 2010 and October 2011, Estrada stole scores of names, addresses, dates of birth and social security numbers of patients." - US District Court
As is unfortunately often the case it seems the hospital was unaware of the identity thefts until law enforcement contacted them.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Pennsylvania man pleads guilty to stealing hospital patients' identities for use in tax fraud scheme - www.PressReleasePoint.com, 04/25/2014

Thursday, May 22, 2014

CEO Resigns Over Privacy Breach

Target CEO has resigned in the wake of the 2013 privacy breach.

"After extensive discussions, the board and Gregg Steinhafel have decided that now is the right time for new leadership at Target," according to the company's board of directors statement.

"[Steinhafel] held himself personally accountable."
- Target Board of Directors
The company is continuing its search for a chief information security officer and a chief compliance officer.
Download a white paper on identity theft detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Breach Aftermath: Target CEO Steps Down - www.BankInfoSecurity.com, 05/05/2014

Wednesday, May 21, 2014

Hospital has 8th Privacy Breach by Rogue Employee in 3 Years

A Canadian healthcare organization announced that one of its employees inappropriately accessed numerous patient records. This is the organization's eighth privacy breach by a rogue employee since 2012.

The patient privacy monitoring software used by the organization completely missed the breach and it was only discovered by an employee whistleblower.

"The employee was looking up information related to friends and family — but those particular things were not picked up [by the privacy auditing software]."
- Vice-president of privacy for the organization
The privacy officer said random audits by their privacy breach detection software "will look for last names, or it might look for the same address." But the software completely missed that the "employee was looking up information related to friends and family".

Most commercial privacy breach detection products use static rules that miss many types of privacy breaches. But Veriphyr's dynamic clustering behavioral analytics, available as low-cost on-demand SaaS services, can proactively detect this and other complex breach types.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Insider tipped Eastern Health to latest privacy breach - www.CBC.ca,05/14/2014

Tuesday, May 20, 2014

South Korea Increases Data Breach Fines

South Korea has made changes to its data protection laws.

Data breach amendments (Bill No. 10479) increase available fines; lower the liability threshold that regulators must show to levy fines; allow compensation of individual plaintiffs without a showing of damages; and require notification of affected individuals within 24 hours of discovering a breach, according to the Korea Communications Commission (KCC).

"Businesses will be held liable for a data breach with or without proven fault on their part."
- Eom Yeol, Director, Privacy Protection and Ethics Division, KCC
The amendment also authorizes courts to award compensation of up to 3 million Korean won ($2,900) to each consumer complainant in a data breach case with no need to verify damage claims. "This will give companies a strong reason to upgrade their data security standard voluntarily," said Eom Yeol, KCC director.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) South Korea Increases Data Breach Fines, Lowers Liability Threshold - www.BNA.com, 05/19/2014

Monday, May 19, 2014

7 Years Prison for Identity Theft, Tax Fraud Using Medical Records

A Brandon Florida man, James A. Reeves, has been sentenced to more than 7 years in prison for stolen identity refund fraud (SIRF).

Reeves admitted he purchased Veterans Administration (VA) medical records from someone whom he knew who worked at the VA, and used the information to file fraudulent tax returns.

"Reeves admitted he purchased VA medical records from someone at the VA, and used the information to file fraudulent tax returns."
- US District court documents
It is unclear who at the VA stole and sold the identities to Reeves or over what period of time the identity thefts occurred. Organizations seeking to proactively detect theft of identities can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) FL: Brandon Man Sentenced To More Than 7 Years For Stolen Identity Refund Fraud - www.PHIprivacy.net, 05/17/2014

Friday, May 16, 2014

Army Officer Guilty of ID Theft, Bank Fraud

James Jones, a former assistant inspector general with the U.S. Army Office of Inspector General, admitted abusing his position to obtain personal identifying information, including Social Security numbers and dates of birth, of active duty U.S. Army officers.

Jones used the stolen identities to apply for loans and used the money for his personal benefit. He is scheduled to be sentenced in August 2014.

"Jones admitted abusing his position to obtain personal identifying information, including Social Security numbers and dates of birth, of active duty U.S. Army officers."
- US Attorney's Office, Middle District of Tennessee
It is unclear over what period of time the data thefts occurred or how many Army personnel were victims. Organization seeking to proactively detect identity theft and privacy breaches can utilize low-cost on-demand SaaS analytics services.
Download a white paper on privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Former Fort Campbell assistant IG pleads guilty to ID theft, bank fraud - www.ArmyTimes.com, 05/13/2014

Thursday, May 15, 2014

University Employees Victims of Tax Refund Fraud

As many as 39 union members, employed by a New Jersey university, have been the victims of identity theft after they learned their federal tax returns were filed in their names and the ID thieves collected their tax refund checks.
The university has issued a notice to staff about the security breach but "no direct connection to the university had been identified"
"Dozens of employees had their identities stolen and federal tax returns filed in their names after a security breach allowed access to their personal information."
- Employee union officials
Given the numerous reports of tax refund fraud involving doctors’ identity information where the point of compromise or how the data were acquired is unknown, it's not surprising the university may not know whether it has been breached. Organizations seeking to proactively detect identity theft and privacy data breaches can utilize low-cost on-demand SaaS analytics services.
Download a white paper on privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Dozens of New Jersey City University employees victims of tax refund fraud - www.DataBreaches.net, 05/09/2014


Wednesday, May 14, 2014

Dental School ID Theft Ring

Dental employees of a university in New York were arrested for stealing patients' personal information and using it for identity theft.

They used the stolen patient identities to open credit card accounts and also sold some of the information to other scammers; about 350 patients were victims of the crime.

"Scott and Giscombe Jr., who work with patients treated at the school, were busted last summer for allegedly lifting credit card information from more than 350 victims."
- The New York Post
The university was unaware of the identity thefts until law enforcement notified them.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) http://nypost.com/2014/05/11/nyu-dental-school-workers-busted-in-identity-theft-operation/ - www.NewYorkPost.com,05/11/2014

Tuesday, May 13, 2014

MDs Targeted in Hospital Identity Theft, Tax Scam

Vermont physicians and other healthcare providers were targets of a nationwide tax scam involving identity theft and the filing of fraudulent federal income tax returns in their names.

The same fraud scheme victimized hundreds of doctors and other medical personnel in 18 states.

"It’s mostly doctors, but it’s not restricted to them. Nurse practitioners and physician assistants were affected, too."
- Paul Harrington, executive vice president of the Vermont Medical Society
While the source of the identity information is still unknown, hospitals have been a frequent source for for identity data in other tax refund scams. Healthcare organizations seeking proactive detection of identity thefts and privacy data breaches, rather than learn about them from law enforcement, are utilizing low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) 69 Vt. docs, health care providers targeted in tax scam - www.BurlingtonFreePress.com, 04/30/2014

Monday, May 12, 2014

National Nurses Week May 6-12, 2014

On this last day of National Nurses Week we'd like to acknowledge the important role nurses play in protecting their patients' privacy.

This year's theme focuses on embracing new technology, such as electronic health records (EHRs), which often can facilitate breaches of patients' confidential information. Patients count on nurses and other healthcare workers to be vigilant in protecting their health and as well as their health data.

"The 2014 theme, "Nurses Leading the Way," is a focus on how nurses throughout the industry accept constantly evolving roles in their profession while embracing new technology and resolving emerging issues.."
- American Nurses Association
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Reflections for our nation’s nurses - www.HealthIT.gov,05/09/2014

Friday, May 9, 2014

Nurse Stole Patient IDs for Up To Four Years for Credit Card Fraud

A New York nurse has been charged with stealing patient identities, possibly for as long as four years. She used the patients' personal information to open fraudulent accounts and credit cards.

Sheriff Craig Apple said the licensed practical nurse used her access to patient information to fuel her and her boyfriend's scheme to defraud.

"The nurse was extracting personal information, and then they were setting up phony accounts and setting up credit cards."
- Sheriff Craig Apple
Again, as is all to often the case, it seems the hospital was unaware of the identity thefts until notified by law enforcement. Healthcare organizations who prefer proactive identity theft, rather than learn from a third party long after the thefts occurred, can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Albany Med nurse charged with stealing patient identities - www.TimesUnion.com, 04/07/2014

Thursday, May 8, 2014

$4.8M Settlement for Hospital Privacy Breach

The largest HIPAA settlement to date, $4.8 million, as been announced against a New York hospital for a breach that affected 6,800 patients.

The previous record for a HIPAA violation was $4.3 million in penalties levied in 2011 against a Maryland health plan company. A subsequent legal fight and court order pushed the final amount to almost $4.8 million.

"Our cases should remind healthcare organizations of the need to make data security central to how they manage their information systems."
- Christina Heide, acting deputy director of health information privacy for OCR
The Health and Human Services (HHS), Office of Civil Rights (OCR), investigated the breach and stated that organizations "need to make data security central to how they manage their information systems."
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) New York-Presbyterian, Columbia to pay largest HIPAA settlement: $4.8 million - www.ModernHealth.com, 05/08/2014

Wednesday, May 7, 2014

Hospital EHR Adoption Increased

Adoption of electronic health records (EHRs) by hospitals has significantly increased over the last several years, according to American Hospital Association's 2013 Health IT survey.

The survey found that adoption of EHRs has increased more than five-fold over the last five years. Specifically, 93% of hospitals in 2013 reported being "in possession" of an EHR system that received meaningful use certification.

"93% of hospitals in 2013 reported being "in possession" of an EHR system that received meaningful use certification."
- American Hospital Association survey
While EHRs can improve healthcare delivery they also facilitate identity theft. Healthcare organizations seeking proactive detection of identity theft and breaches of patient privacy can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) More Hospitals Adopting EHRs, Sending Health Data Electronically - www.iHealthBeat.org, 05/06/2014

Tuesday, May 6, 2014

Hospital Insider Data Thefts May Have Lasted 12 Years

On March 6, 2014, a Massachusetts hospital was notified by law enforcement that an employee may have accessed over 2,000 patient records outside of their normal job duties to open credit card and cell phone accounts.

The hospital then conducted an internal investigation and determined the employee had access to patient information such as name, date of birth, Social Security number, and address from May 6, 2002 to March 4, 2014.

"Our investigation has determined that the employee had access to patient information...between May 6, 2002 and March 4, 2014."
- Hospital announcement
As is unfortunately all to often the case in healthcare organizations, the hospital first learned of the breaches from law enforcement. Organizations that seek to proactively detect identity theft and data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) UMass Medical Center alerts patients to insider data theft that may date back to 2002 - www.PHIprivacy.net, 05/05/2014

Monday, May 5, 2014

Target CEO Resigns for Privacy Breach

Target CEO has resigned in the wake of the 2013 privacy breach.

"Today we are announcing that, after extensive discussions, the board and Gregg Steinhafel have decided that now is the right time for new leadership at Target," the company's board of directors said in a May 5 statement.

"[Steinhafel] held himself personally accountable."
- Target Board of Directors
The company is continuing its search for a chief information security officer and a chief compliance officer.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Breach Aftermath: Target CEO Steps Down - www.BankInfoSecurity.com, 05/05/2014

Celebrate Corporate Compliance & Ethics Week

May 4-10, 2014: Corporate Compliance & Ethics Week is a national week-long event highlighting the importance of ethics and compliance in the workplace.

Organizations use this week to raise awareness and engage employees about these important topics and in some case find this a good week to launch new compliance training programs.

"Many companies use the week as an opportunity to raise awareness about compliance and ethics and engage employees about these difficult yet vitally important topics."
- Society of Corporate Compliance and Ethics and Health Care Compliance Association
It's not too late to celebrate at your organization; see the HCCA website for suggestions and supporting documents for your newsletter or an email blast.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Corporate Compliance & Ethics Week - www.HCCA.org,05/05/2014

Friday, May 2, 2014

AL Hospital Employee Stole Patients' IDs for Tax Fraud

An Alabama hospital has notified patients their identities may have been stolen and used to file fraudulent tax returns.

In February 2014 it was learned that a hospital laboratory employee had been stealing personal information from patient records since 2013. It was not announced how many patients were victims of these identity thefts.

"An employee in our laboratory was taking...patients' personal information, and he may have attempted to use that information to file fraudulent tax returns." - Hospital Privacy Officer
Stolen Identity Tax Fraud (SIRF) is a major problem that the US Attorney's office and IRS have been tackling. Unfortunately hospitals are often the source of the stolen identities.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Patients personal information stolen from Flowers Hospital - www.DonathFirst.com, 04/30/2014

Thursday, May 1, 2014

Canada Hospital Employee Guilty of Over 1,000 Privacy Breaches

A Canadian woman, Donna Colbourne, pled guilty to inappropriately accessing patient files while employed at a Newfoundland Labrador hospital, a violation of the Personal Health Information Act, .

As a hospital clerk she breached the privacy of 1,043 patients, according to an investigation by the Canadian Office of the Information and Privacy Commissioner.

"Colbourne had accessed the files of 1,043 patients from June 2011 to May 2012."
- The Western Star
It is unclear why the breaches, which started in 2011, were not discovered and announced until 2012. Healthcare organizations seeking to proactively detect identity theft and inappropriate access, even by authorized users, can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Donna Colbourne pleads guilty to breaching health information act - www.TheWesternStar.com, 04/30/2014

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.