Friday, August 29, 2014

Hospital Employee Gets Prison for ID Thefts, Tax Fraud

A former Pennsylvania hospital employee was sentenced to more than four years in prison for stealing many patient identities that were then used in a tax refund scheme.

In addition to the prison term the convicted man has been ordered to pay restitution of $409,779.

"[He] was sentenced Wednesday to more than four years in prison for stealing the identities of numerous patients as part of a tax fraud scheme."
- Philadelphia Business Journal
It is unclear how the identity thefts were discovered. Healthcare organizations seeking to proactively detect identity theft and privacy breaches can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Former hospital employee gets 4+ years for ID theft - www.BizJournals.com, 08/28/2014

Thursday, August 28, 2014

Survey: Health IT Workers in Demand

Health IT workers continue to be in demand, according to a survey by HIMSS Analytics, the research arm of the Healthcare Information and Management Systems Society.

The majority of healthcare organizations polled said they plan to "hire at least one full-time worker during the next year."

"70% of health care organizations reported plans to outsource at least one health IT service area over the next year."
- HIMSS Analytics survey
85% of respondents cited barriers to meeting their IT needs, primarily due to a lack of qualified talent. Healthcare organizations seeking to outsource proactive identity theft and privacy breach detection can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Health IT Workers Still in High Demand, Survey Finds - www.iHealthBeat.org, 08/27/2014

Wednesday, August 27, 2014

Insider at Physician Practice Charged with Fraud for Selling Patient Identities

A Michigan woman, employed by a physician practice, allegedly stole patient billing records and sold them to a co-defendant.

The woman was promised $100 per billing record which contained the names, birth dates and Social Security numbers of patients, which could be used to steal identities.

"A woman who worked in a doctor's office...has been charged with fraud for allegedly giving out personal information of patients."
- Federal Complaint, US District Court for Eastern Michigan
It is unclear when the identity thefts took place or who discovered them. Healthcare organizations seeking proactive detection of identity theft and data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Woman charged with fraud for allegedly releasing personal patient information - www.ClickOnDetroit.com, 08/06/2014

Tuesday, August 26, 2014

UK Banker Fined for Viewing Colleague's Accounts

A UK banker has been fined for inappropriately accessing colleagues' bank account details.

DalVinder Singh used his authorized access rights to snoop on information about co-workers salaries and bonuses. The Information Commission's Office (ICO) Criminal Investigator said "Singh had been given clear training around the Data Protection Act, but chose to ignore that training. By accessing personal information he broke the law, and that is why he has been fined today."

"...when that curiosity led to him breaking the law, it cost him his job."
- Damian Moran, ICO Criminal Investigation Manager
The duration of the snooping is unclear or how it was discovered. Organizations seeking to proactively detect inappropriate access to records, even by authorized users, can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Learn how Veriphyr Identity and Access Intelligence delivers business insights - with no hardware and no on-site software.

(a) UK: Birmingham banker fined for reading colleagues’ bank accounts - www.PHIprivacy.net, 08/23/2014

Monday, August 25, 2014

Health Insurance Employee Stole Client IDs for Tax Fraud

An employee of a Massachusetts health insurance company pleaded guilty to stealing 8,700 customer identities that he shared with co-conspirators who used the data to steal Social Security benefits and file fraudulent tax returns.

The data stolen included names, birth dates and Social Security numbers, primarily from customers over age 65.

"[He] stole and disclosed the personal data of over 8,700 customers."
- US Attorney's office

The employee started working for the health insurance company in 2010. It is unclear over what period of time the identity thefts occurred, when they were discovered and by whom. Healthcare organizations seeking to proactively detect identity theft and privacy breaches can utilize low-cost on-demand SaaS analytics services.

Download a white paper on identity theft and privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Worcester Man Pleads Guilty to Stealing Government Money - www.Justice.gov, 04/14/2014

Friday, August 22, 2014

Medical Assistant Gulity of Patient ID Thefts

A Hollywood Florida medical assistant has pleaded guilty to stealing about 2,000 patient identities while at work, identities she knew would be used to file fraudulent tax returns.

The patient data the medical assistant stole included names, dates of birth, and social security numbers

"[She] sold an individual approximately 2,000 identities...the individual told her that he used the identities to file fraudulent tax returns."
- CBS News
It is unclear over what period of time the identity thefts occurred and how they were discovered. Healthcare organizations can proactively detect identity thefts and privacy data breaches with low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Hollywood Medical Assistant Pleads Guilty to Identity Theft - www.CBS.com, 08/14/2014

Thursday, August 21, 2014

Bank Teller Stole IDs for Counterfeit Checks

A teller at a Connecticut bank, has been charged with stealing customers' identities and using them to create counterfeit checks.

The identity thefts were discovered by a victim, not the bank that held the personal identifying information (PII).

"The identity thefts were discovered by a victim, not the bank that held the personal identifying information (PII)."
Law enforcement's investigation turned up additional bank customers who were victims of this crime. Rather than learn about identity thefts from their customers, organizations can proactively detect these breaches with low-cost on-demand SaaS analytics services.
Download a white paper on identity theft and privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Tampa Man Sentenced To More Than Four Years In Prison For Stolen Identity Refund Fraud - www.PHIprivacy.net, 08/19/2014

Wednesday, August 20, 2014

FL Man Sentenced to Prison for VA ID Theft, Tax Fraud

A Tampa resident was sentenced to four years and six months in federal prison for stolen identity refund fraud (SIRF) using patient records stolen from the Veteran's Administration.

According to court documents the convicted man and two co-conspirators, engaged in stolen identity refund fraud from April 2009 to May 2011.

"Saint Marc was responsible for fraudulent tax returns requesting nearly $300,000 of government funds and victimizing more than 45 veterans ."
- Department of Justice documents
While reportedly the tax fraud occurred from 2009 - 2011 it is unclear when the VA identity thefts occurred, and when and how the VA learned about them. Organizations can proactively detect identity theft and privacy breaches with low-cost on-demand SaaS analytics services.
Download a white paper on identity theft and privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Tampa Man Sentenced To More Than Four Years In Prison For Stolen Identity Refund Fraud - www.PHIprivacy.net, 08/19/2014

Tuesday, August 19, 2014

Privacy Allegations Against Ohio Hospital

Two Ohio women, Vicki Shelton and her daughter, have filed a lawsuit alleging their privacy was repeatedly violated at their local hospital.

Vicki said the hospital first alerted her that her ex-husband, Duane Sheldon who worked in the hospital's Administration Department, had inappropriately looked at her records. But when she received reports from the hospital she “was very disturbed by the number of people who had no reason to be in my records had been in my records apparently just whenever they felt like looking.”

"Both women believe [the hospital] did not have the appropriate procedures in place to protect their private records.."
- 2News, WDTN
Low-cost on-demand SaaS analytics services can provide healthcare organizations detailed reports on what users accessed in patient records and if it was inappropriate.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Hospital responds after privacy allegations - www.WDTN.com, 08/13/2014

Friday, August 15, 2014

Sheriff Sentenced in ID Theft, Tax Fraud Scheme

A Georgia Deputy Sheriff has been sentenced for stealing identities and filing fraudulent tax returns (SIRF).

The Deputy Sheriff worked for a Georgia county Sheriff's office from 2007 through 2012. From the end of 2011 to early 2012, Street stole personal identification information (PII), names, birthdates, and social security numbers, which were used to file for tax refunds.

"[He] exploited his position as a law enforcement officer for his own personal financial gain which came at the expense of the community he was entrusted to serve."
- US Attorney's Office, South District of Georgia
As is unfortunately often the case, a third party, and not the organization holding the PII, discovered the identity thefts. The IRS found the bogus returns, but not until they had paid $76,424.00 in refunds.

Organizations seeking to proactively detect identity theft, rather than learn about it from third parties, can utilize low-cost on-demand SaaS analytics services.

Download a white paper on identity theft detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Former Richmond County Deputy Sentenced in Identity Theft Scheme - www.FBI.gov, 08/13/2014

Thursday, August 14, 2014

Report Confirms New Government Leaker

US government officials have confirmed there is a new leaker of National Counterterrorism Center documents, according to a CNN report.

It seems this new leak has occurred after the breaches of sensitive data from the National Security Agency (NSA). Those leaks lead many organizations to address their policies and procedures for insider threats.

"Snowden led many public and private sector organizations to revisit their policies and procedures for addressing the insider threat and preventing data leakage.."
- www.GovInfoSecurity.com
There are approaches available for identifying insiders leaking data. For example, low-cost on-demand SaaS analytics services proactively detect data breaches, even by authorized users.
Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Report: New Government Leaker Confirmed - www.GovInfoSecurity.com, 08/05/2014

Wednesday, August 13, 2014

Ready for 2014 HIPAA Compliance Audits?

The time is fast approaching for round two of HIPAA compliance audits.

The Health and Human Services (HHS) Office of Civil Rights (OCR), which over the summer sent pre-audit surveys to as many as 800 entities, will probably audit about 400 of them. For the firs time, business associates will be included.

"OCR will select about 400 entities for HIPAA audits. Those audits will begin this fall - which is quickly approaching."
- The National Law Review
These Phase 2 audits will differ from Phase 1 in several ways. They will target HIPAA standards, which yeilded high non-compliance during Phase 1. Also the audits will be broken down by type, such as compliance with the privacy/security rules and risk analysis/management.

Healthcare organizations seeking to be ready for these audits regarding privacy and security rules and risk assessment, can utilize low-cost on-demand SaaS analytics services.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Are You Ready for Round Two (of HIPAA Compliance Audits)? - www.NationalLawReview.com, 08/12/2014

Tuesday, August 12, 2014

A Damning Report on Medical Privacy

Snooping doctors, nurses and even admin workers can access patients' most personal medical records, according to a report by the Privacy Commission in New Zealand.

The commission identified significant flaws in the security and regulation of shared care record (SCR) portals. They noted district health offices need to be "more demanding" of patient security and found none of the reviewed SCRs were able to provide a compelling picture of how access was audited.

"...despite high-profile cases where health staff had illegitimately accessed patient records... no steps have been taken to secure systems against unauthorised access and malicious attack.."
- Privacy Commission, New Zealand
The portals require credentials to gain access, but the report highlighted the ease with which staff can bypass permissions, thus allowing widespread and damaging accidental or malicious disclosures.

Healthcare organizations seeking auditing of access and proactive detection of privacy data breaches can utilize low-cost on-demand SaaS analytics services.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Report slams medical privacy - www.SundayStarTimes.co.nz, 08/10/2014

Monday, August 11, 2014

Join Us in Helping Children's Hospitals on August 14, 2014

"Put Your Money Where the Miracles Are!"
- Children's Miracle Network Hospitals
This year DQ® is celebrating Miracle Treat Day with even more magic.

On Thursday August 14th, 2014, $1 or more from every Blizzard® Treat purchased at participating DQ® stores will be donated to your local Children's Miracle Network Hospitals® to help children in need. Together we can provide hope and healing to sick and injured children in your community.

The team at Veriphyr encourages you to help your local Children's Miracle Network Hospital. Together, we can provide hope and healing to sick children in your community.

Children’s Miracle Network Hospitals
Children’s Miracle Network Hospitals is a charity that raises funds for more than 170 children's hospitals. Donations to Children’s Miracle Network Hospitals are used to provide charitable care, purchase life-saving equipment, and fund research and education programs that save and improve the lives of 17 million children each year.

Why Veriphyr Supports Children’s Miracle Network Hospitals
Like our customers, Veriphyr is committed to doing the right thing for our customers and communities. Veriphyr gives back to the communities by contributing a part of each sale to the Children’s Miracle Network Hospitals in the customer's community as well as donating privacy breach detection services to member hospitals.
Sources:
(a) Miracle Treat Day - www.MiracleTreatDay.com, 08/11/2014

Prison for Woman Who Stole Telco Customer IDs

A Florida woman has been sentenced to two years and 10 months in federal prison for her role in stealing identities of telco customers.

We previously posted about others involved in these ID thefts. The stolen identities were used by this woman and her co-conspirators to obtain debit and credit cards, which they used for purchases and cash advances of several tens of thousands of dollars, according to investigators.

"[She] admitted that she used her job [at a contractor] — which staffs direct sales and customer service calling centers — to steal customer identities." - Sun Sentinel
Unfortunately, as is often the case,the identity thefts were discovered by law enforcement, not by the organization that had the personally identifiable information (PII). Organizations seeking to proactively detect identity theft and privacy data breaches can utilize low-cost on-demand SaaS analytics services.
Download a white paper on identity theft detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Broward woman who stole AT&T customers' identities gets prison sentence - www.SunSentinel.com, 08/07/2014

Friday, August 8, 2014

Insider Privacy Breach on Canada Rx System

There has been a major insider breach of 1,600 patients' information from the prescription system of British Columbia, Canada.

The Canadian Ministry of Health says the breach occurred between March 9th and June 19th, 2014, when someone used a doctor’s PharmaNet account without the doctor’s knowledge. The information accessed included names, dates of birth, addresses, phone numbers, and personal health numbers for all of the affected people. In addition, 34 patients' medication histories were inappropriately accessed.

"If one person can get a doctor’s number and breach security, presumably other people can do it as well. That’s why the systems in place to prevent breaches need to be tight. They need to be implemented and that was not done so we don’t know if this is going to happen again or in fact it may have happened before."
- George Heyman, BC NDP citizens service critic
This type of breach of patient privacy by an insider could have been detected proactively with low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Privacy breach in BC’s prescription system - www.News1130.com, 07/11/2014 />

Thursday, August 7, 2014

Suspected Snooper Selling VIP Info Committed Suicide

This is a very sad situation that no one would have wanted to happen. The suspect in the snooping and sale of Formula 1 champion Michael Schumacher's private medical information was found hanged in his Zurich prison cell.

The man, who was not named, a manager at Swiss helicopter company, which was involved in Schumacher's transfer from Grenoble hospital to University Hospital of Lausanne (CHUV) on June 16 after he emerged from a coma. The French daily "Le Dauphine Libere" reported in July that leaked documents being offered to European media for some 60,000 Swiss francs ($66,016) appeared to have come from the IP address of a computer at a Zurich-based helicopter company.

The helicopter company lodged a criminal complaint on July 8 for the suspected leak of Schumacher's medical files, but said at the time it had no proof that one of its employees was implicated. An investigation by Zurich's cantonal prosecutor led to the arrest of an employee on Tuesday in connection with violating patient privacy and medical secrecy.

"An investigation by Zurich's cantonal prosecutor led to the arrest of a Rega employee on Tuesday in connection with violating patient privacy and medical secrecy.."
- The Telegraph
Sources:
(a) Michael Schumacher medical files suspect found hanged in cell - www.Telegraph.co.uk, 08/07/2014

Medical Practice Employee Steals 12,000 Identities

An employee of a Las Vegas medical practice allegedly stole the identities of 12,000 patients for fraudulent activities.

The breach of patients' personal health information (PHI) from the healthcare organization's billing system began in November 2011 and continued thru June 2012. But patients were not notified until July 9, 2014 because the medical practice learned of the breach from law enforcement in May 2014.

"A former employee who worked for us during 2011 and 2012 is now the subject of a law enforcement investigation relating to personal health information that the former employee is alleged to have stolen and used for fraudulent activities,."
- Healthcare provider spokesperson
This is another case where law enforcement, rather than the organization holding the PHI, discovers the identity theft or PHI breach. Organizations seeking to proactively detect identity thefts and data breaches, thus preventing or limiting the number of victims, can utilize SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Western Regional Center For Brain And Spine Surgery employee stole patient information for fraudulent activities - www.PHIprivacy.net, 08/05/2014

Wednesday, August 6, 2014

$10M ID Theft, Tax Fraud by Employee of Welfare Department

An employee of a public assistance department stole over 400 identities of the agency's clients. Federal investigators say the suspect was part of a $10 million identity theft and tax fraud scheme.

The US Attorney's office asked the court not to allow him to return to work so that he will not have "access to the computer system which contains the personal identity information which he appears to have accessed as part of the charged conspiracy in this case."

"[the suspect] is one of six indicted on charges they used thousands of stolen identities to obtain tax refunds and open bank accounts into which to deposit the refunds."
- Erie Times News
The investigation by the FBI and the IRS' criminal investigations unit remains ongoing and that the losses are expected to reach tens of millions of dollars, particularly once the investigation of the fraudulent credit card activity is complete.

As is often the case these identity thefts were discovered by a third party, not the organization holding the personally identifiable information (PII). Organizations seeking to proactively detect identity theft, rather than learn about it from others, can utilize low-cost on-demand SaaS analytics services.

Download a white paper on identity theft detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Erie feds: IDs stolen from NYC welfare records> - www.DataBreaches.net, 08/05/2014

Tuesday, August 5, 2014

2 More Guilty in Telco ID Theft and Fraud Scheme

This is a follow up on a previous blog about employee theft of personally identifiable information (PII) from a mobile phone telco.

Two more employees of the telco's call center contractor, Jacqueline Nicole Lee Warrick and Tracy Delva, have pleaded guilty to stealing PII and using it for unauthorized wire transfers from the victims’ bank accounts and to obtain unauthorized credit or debit cards.

"[the company] provides staffing for call centers to handle direct sales and customer inquiries for [the telco]. Syrilien unlawfully provided co-conspirators with the personal identifying information from multiple customer files.." - U.S. Attorney’s Office, Southern District of Florida
It appears the identity thefts were discovered by law enforcement, not the call center company working for the telco. Organizations seeking proactive detection of identity theft, rather than learning about it from third parties, can utilize low-cost on-demand SaaS analytics services.
Download a white paper on identity theft detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Two More Defendants Plead Guilty in Identity Theft Fraud Scheme Involving Personal Identifying Information from AT&T Customer Files - www.FBI.gov, 07/30/2014

Monday, August 4, 2014

Hospital Employee Stole Identities from Cancer Patients

A Virginia healthcare system employee, T'sha Riddick, has been charged with identity theft of patient information.

Riddick improperly accessed patient information at the practice, including credit card and Social Security numbers, according to a healthcare system spokesman.

"Riddick improperly accessed patient information at the practice, including credit card and Social Security numbers." - Healthcare system spokesman
The spokesman said “Keeping patient information protected is vital" and “We are looking at ways to improve our monitoring program." Healthcare organizations can proactively detect identity theft and privacy data breaches with low-cost on-demand Saas analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Riverside warns of data breach; ex-employee charged - www.HamptonRoads.com, 07/31/2014

Friday, August 1, 2014

Canada Doctor Breached Patient Privacy 350 Times

We reported in March 2014 about the Canadian physician who snooped on female patients not under his care. The Canadian privacy commissioner, Anne Bertrand, has now released her preliminary report.

The report details that Dr. Fernando Rojas, a radio-oncologist, inappropriately accessed the files of 141 women a total of 350 times. The commissioner has made five recommendations, including that the medical center, where Rojas works, press charges under the Provincial Offenses Procedures Act.

"he was looking at these patient files out of personal interest and to find out their age." - Anne Bertrand, Privacy Commissioner, Canada
The breaches occurred over a period of twenty eight months. The report also recommends random audits of access to electronic patient records be more frequent and to quickly limit or restrict access to patient records when any suspicious activities are found. Healthcare organizations can audit all access, not just random samples, by utilizing low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Privacy commissioner urges disciplinary action against doctor - www.CBC.ca, 07/31/2014

Popular Posts

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.