Friday, February 27, 2015

Two Plead Guilty to Using Bank Tellers to Steal Customer IDs

Two New York men have pleaded guilty to operating an identity theft ring that involved having bank tellers steal customer data.

Hundreds of customers at several banks in New York, Conneticut and Massachussets had their identities stolen. The theft ring used the information to create false IDs and withdraw money from accounts.

"Using data gained from tellers who cooperated in the ring, [they] stole personal information from hundreds of customers."
- American Banker
It seems the identity thefts were discovered by law enforcement rather than the banks. Financial services organizations seeking to proactively detect thefts of customers' identities can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Two Plead Guilty in New York Identity Theft Case - www.AmericanBanker.com, 01/20/2015

Wednesday, February 25, 2015

Hospital Employee Gulity of HIPAA Criminal Charges

For over one year, from from December 2012 through January 2013, a hospital employee in East Texas stole patients' identities with the intent to use them for person gain. He has been sentenced to eighteen months in federal prison for criminal HIPAA violations.

While to date prosecutors around the country have lodged few cases asserting criminal violations of HIPAA, attorneys say the health care industry's shift to electronic medical records (EHR) will present more opportunities for unauthorized access to protected health data (PHI) that will prompt more criminal actions in the years ahead.

"The conviction of a corporate entity [for HIPAA criminal charges] is certainly allowable and supported by the criminal penalties in the statute."
- James M. Jacobson, partner, Nutter McClellen & Fish
Although criminal prosecutions are expected to continue to focus on individual bad actors, attorney James M. Jacobson said it was not unreasonable to expect some corporate convictions in the next few years that center on “corporate policy or procedures being so lax or nonexistent that ultimately they enabled the rogue employee to act.” Organizations seeking to proactively detect data privacy breaches by employees and contractors can utilize low-cost on-demand SaaS analytics servcies.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Former Hospital Employee Sentenced for HIPAA Violations - www.Justice.gov, 02/17/2015
(b) HIPAA Criminal Charges To Gain Steam As Data Goes Digital - www.Law360.com, 08/14/2014

Tuesday, February 24, 2015

Class-action Patient Privacy Breach Suit to Move Forward

The Ontario Court of Appeal ruled that a class-action suit brought by patients of a local hospital can proceed. The patients allege $5.6 million in damages as a result of inappropriate access to their medical records.

The court said "There is no basis to exclude the jurisdiction of the Superior Court from entertaining a common law claim for breach of privacy and, given the absence of an effective dispute resolution procedure, there is no merit to the suggestion that the court should decline to exercise its jurisdiction." The court also found the hospital responsible for the plantiffs' $24,000 legal fees.

"...given the absence of an effective dispute resolution procedure, there is no merit to the suggestion that the court should decline to exercise its jurisdiction." - Court of Appeal
The case stems from the hospital announcing in the spring 2012 that 280 patients had their privacy breached and seven hospital employees were fired for accessing patient records they were not entitled to view.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) PRHC privacy lawsuit to go ahead - www.ThePeterBoroughExaminer.com, 02/18/2015

Monday, February 23, 2015

Financial Services Employee Steals Customer Data for ID Theft Ring

A Florida woman has been sentenced to ten years and one month in prison for her role in an identity theft tax refund fraud scheme (SIRF).

The woman conspired with several others to defraud the IRS by filing false and fraudulent income tax returns using the names and Social Security numbers she obtained from a relative who worked at a financial services institution. The identity theft ring filed 526 fraudulent returns claiming $5,063,954 in refunds and succeeded in obtaining more than $1.4 million from the IRS.

"[She] obtained the personal identifying information from a relative who had stolen the data from a financial institution where she worked."
- US Attorney's Office, Middle District of Florida
It seems the identity thefts were discovered by law enforcement, rather than the financial institution holding the personal identifying information (PII). Rather than learn about ID theft from third parties organizations can proactively detect identity theft and privacy data breaches with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) FL: Identity Thief Sentence to More than 10 Years in Prison - www.DataBreaches.net, 01/30/2015

Friday, February 20, 2015

CEO Accused of Trade Secrets Data Theft

The former CEO of on oil and gas producer is being sued for allegedly stealing corporate trade secrets and using them to start a new company and attract investors.

The former employer is seeking the return of all confidential data as well as payment of compensatory and punitive damages.

"The complaint alleges that in his waning days as CEO he squirreled away massive amounts of data, containing “highly sensitive trade secrets.”."
- Forbes
Organizations don't need wait for a former employee to start a competing business to discover their trade secrets have been stolen. Organizations can utilize low-cost on-demand SaaS analytics services to not only proactively detect data theft by insiders but even predict that an employee is about to leave the company.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Chesapeake Sues McClendon, Alleging Theft Of 'Trade Secrets' - www.Forbes.com, 02/17/2015

Thursday, February 19, 2015

Meaningful Use Incentives Top $28B

The Centers for Medicare and Medicaid (CMS) have paid over $28 billion in meaningful use incentive payments to hospitals and healthcare professionals, according to Modern Healthcare.

Reportedly, payments surged late in 2014 because eligible professionals had to meet program requirements for electronic health records (EHR) by year end.

"127,815 eligible professionals had attested to meaningful use for 2014, including 25,312 new participants and 4,090 eligible hospitals had attested to meaningful use for 2014, including 304 new participants ."
-Centers for Medicare and Medicaid
While widespread use of EHRs is expected to improve healthcare delivery it also can increase the risk of breaches of patient privacy and theft of their identities. Organizations seeking to proactively detect data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) CMS Has Doled Out $28B in Meaningful Use Incentives - www.iHealthBeat.org, 02/18/2015

Tuesday, February 17, 2015

Police Officer Investigated for Data Privacy Breach

A Minnesota police officer is under criminal investigation for allegedly violating the state's data privacy laws.

The officer is accused of unauthorized access to and sharing of digital video files of candidate interviews for a department promotion. This may have violated new privacy laws that went into effect last year in the wake of reports of widespread snooping by police in the state's driver's license database.

"In a world where all the intimate details of our lives exist in a digital form, these are the types of things that happen. It’s our responsibility to build in some safeguards for people.” ."
- Senator Branden Petersen
Rather than discover a breach after the data has been shared, organizations can proactively detect them with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) St. Francis police officer subject of criminal investigation over possible data breach - www.StarTribune.com, 01/20/2015

Monday, February 16, 2015

Healthcare Employee Breached Privacy of 14,000

An employee of a medical practice, that is affiliated with a hospital, has put the personal identifiable information (PII) of 14,000 hospital patients at risk for fraudulent activities.

The employee inappropriately accessed patient billing information that contained credit card and debit card numbers, Social Security numbers, and birth dates.

"It is believed an employee may have accessed the billing records outside of their normal job duties from Jan. 7, 2014, to May 7, 2014 ."
- Hospital statement about the privacy breach
The hospital learned of the privacy breaches from law enforcement. Healthcare organizations seeking to proactively detect data privacy breaches and identity thefts can utilize low-cost on-demand Saas analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) UMass Memorial data breach leaves 14,000 at risk - www.SentinelAndEnterprise.com, 01/31/2015

Friday, February 13, 2015

Bank Teller Stole Customer Info for ID Theft Ring

A bank teller in New York, part of a three person identity theft ring, has been sentenced to prison for two to six years.

The teller used her computer access at work to steal personal information about hundreds of customers and then shared the data with her co-conspirators who created false documents and withdrew money from victims' accounts.

"The ring stole over $850,000 by using bank tellers to fraudulently obtain the personal information of hundreds of customers."
- NY State Attorney Generals Office
As is often the case, law enforcement discovered the source of the identity thefts. Organizations seeking to proactively detect identity thefts and privacy data breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) White Plains bank teller convicted of ID theft - www.LoHud.com, 02/10/2015

Thursday, February 12, 2015

Employee Stole Patient IDs for Tax Fraud Scheme

A Florida man who worked in a group home for disabled patients, stole their personally identifiable information (PII) and gave it to a co-conspirator who used it to file fraudulent tax returns.

This insider stole patient identities over a two year period from 2012 - 2014 and over 40 fraudulent tax returns were filed in an attempt to steal $265,000 from the government. He and his co-conspirator have been sentenced to federal prison terms.

"Between 2012 and 2014, [he] used the stolen identities of deceased persons, severely disabled people, and others, in an attempt to steal more than $265,000 from the United States Treasury."
- US Attorney's Office, Northern District Florida
It is unclear why it took two years to discover the ID thefts. Organizations seeking to proactively detect ID theft, rather than learn about it from law enforcement, can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Two Pensacola Men Sentenced to Federal Prison for Tax Refund Fraud and Identity Theft Scheme - www.Justice.gov, 02/10/2015

Wednesday, February 11, 2015

Dental Receptionist Accused of Stealing Over 250 Patient IDs

The Manhattan district attorney indicted 5 people involved in an identity theft ring.

A dental receptionist allegedly stole the personally identifiable information (PII) of hundreds of patients and then shared it with others in the ring who purchased Apple gift cards.

"all it takes is single insider at a company – in this instance, allegedly, a receptionist in a dentists’ office – to set an identity theft ring in motion."
- Manhattan District Attorney, Cyrus Vance Jr.
Unfortunately this is another case where law enforcement, rather than the organization holding the PII, discovered the identity thefts. Organizations seeking to proactively detect ID theft and privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) NYC: Dental Receptionist Accused of Stealing Personal Identifying Information of More Than 250 Patients - www.PHIprivacy.net, 02/05/2015

Tuesday, February 10, 2015

Nurse Snooped Patient's Record then Shared on Social Media

A nurse not only snooped on a patient's medical record but then discussed it on social media.

This UK registered nurse accessed the records of a patient that was not under her care several times between February and April 2013. She has been dismissed and her license has been suspended for 18 months.

"[She] used her privileged position to breach Trust confidentiality policies when she accessed and attempted to access Patient A’s medical records." - The NHS Foundation Trust
Unfortunately it seems the breach was discovered by the patient when she saw a social media posting and requested an investigation. Rather than have a third party detect breaches healthcare organizations can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Newcastle nurse sacked after snooping on medical records and discussing them on social media - www.ChronicleLive.co.uk, 002/04/2015

Monday, February 9, 2015

Anthem Data Breach: Hacker as Insider? Calls for IAI Approach

There have been numerous news items covering the breach of 80 million patients’ personally identifiable information (PII) at Anthem, one of the largest health insurers. Increasingly the articles indicate the hacker may have taken over at least one insider’s account to enable the identity thefts.

The hackers are thought to have used a sophisticated malicious software program that gave them access to the login credential of an Anthem employee. Although that employee, a Senior Database Administrator, by chance noticed someone was using his login credentials, some are reporting that the hackers may have been on the network for at least 60 days prior to the February 5 breach announcement.

"All cybercrime is an inside job, because the criminals are able to penetrate a database from the outside and act as an insider in gaining access to data, which is what occurred in the Anthem breach."
- Forrester analyst
How to detect hackers posing as insiders? Static rules approaches such as "whether access behavior is typical of a user in that role, that job title, or that geographic location" aren’t sufficient and generate massive numbers of rabbit holes. What’s needed is Identity Access Intelligence (IAI) which applies patent-pending behavioral clustering analytics to user and patient activity. This allows the data itself to reveal which activities are legitimate and which are the very few instances of real hacker activity.
For more information see www.Veriphyr.com
Sources:
(a) Anthem Hacking Points to Security Vulnerability of Health Care Industry - www.NewYorkTimes.com, 02/06/2015

Thursday, February 5, 2015

ID Theft Global: Personal Info in China Sells to Highest Bidder

Identity theft is a growing problem worldwide. In China the Beijing Times reports "leaks of personal credit card information have become increasingly serious in China.

Stolen personal information (PII) is sold online and priced according to its "quality." Within minutes buyers can purchase PII for as little as $0.06 while PII on platinum card holders can cost $0.80.

"Leaks of personal credit card information have become increasingly serious in China."
- The Beijing Times
While banks are not allowed to disclose customer information without consent, many bank employees are involved in handling personal information which increases the chance for PII leaks. Financial institutions in any country can detect such insider data leakage by utilizing low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Personal banking info sold to highest bidder in China - www.WantChinaTimes.com, 01/14/2015

Wednesday, February 4, 2015

Bank Employee ID Thefts Led to $5M Tax Refund Fraud

A man has been sentenced to 10 years in federal prison for his part in an ID theft tax refund fraud ring.

To file the fraudulent tax returns he used the personal information (PII) of people he obtained from a relative who stole the data from the bank where she worked. The conspirators filed 526 fraudulent returns claiming $5,063,954 in refunds.

"[He] obtained the personal identifying information from a relative who had stolen the data from a financial institution where she worked."
- US Attorney's Office, Middle District of Florida
It seems the ID thefts were discovered by law enforcement, rather than the bank that held the PII. Organizations seeking proactive detection of identity theft can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) FL: Identity Thief Sentenced To More Than Ten Years In Federal Prison - www.DataBreaches.net, 01/30/2015

Tuesday, February 3, 2015

Doctor Office Employee Stole 8,600 Patient IDs

A Florida man has been sentenced to 61 months in prison for his part in an identity theft tax refund fraud scheme.

A woman, formerly an employee at a physician's office, stole patients' personal information (PII) and sold it to the Florida man. For her part in the scheme she received 36 months in prison.

"[She] acted as a “thief” in this case, stealing PII for [a person] who then sold it to third parties."
- US Attorney's Office, Southern District of Florida
It seems the the identity thefts were discovered by law enforcement, rather than the healthcare organizations holding the PII. Rather than learn about identity thefts and data privacy breaches from third parties organizations can proactively detect them with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) FL: Miami-Dade County Resident Sentenced In Identity Theft Scheme Involving Over 8,600 Patients’ Identities - www.PHIprivacy.net, 01/28/2015

Monday, February 2, 2015

Financial Services Employee Stole IDs for Tax Fraud

A Florida man, a member of an identity theft tax fraud ring, has been sentenced to 10 years in prison.

He conspired with several others to file 526 fraudulent returns claiming over $5 million in refunds. The personal identifying information (PII) used in the returns was stolen by an employee of a financial institution.

"[He} obtained the personal identifying information from a relative who had stolen the data from a financial institution where she worked." - DataBreaches.net
It seems the identity thefts were discovered by the IRS, not the financial institution holding the PII. Organizations seeking to proactively detect identity theft before third parties do can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) FL: Identity Thief Sentenced To More Than Ten Years In Federal Prison - www.DataBreach.net, 01/30/2015

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.