Monday, August 31, 2015

Hospital Insider Stole Patient IDs

A Mississippi hospital was notified by law enforcement that an employee was under investigation for the theft of over 800 patients' identities. It appears the hospital employee stole patient identities from February 2013 through June 2015.

Information stolen included patient names, addresses, dates of birth, Social Security numbers, health plan numbers and clinical information and, “in some cases, it may have also included information regarding any other person responsible for payment of care,” according to the hospital press release.

"It appears the hospital employee stole patient identities from February 2013 through June 2015."
Unfortunately the identity thefts were discovered by law enforcement, rather than the organization holding the identity information. Organizations seeking to proactively detect identity theft and data privacy breaches, instead of from third parties, can utilize SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) SOURCE_TITLE - SOURCE_NAME_AND_DATE

Friday, August 28, 2015

Hospital Worker Stole Patients' Personal Information

An account representative at a Long Island New York hospital has been arrested for stealing patients' personal identifying information (PII) such as Social Security numbers and credit card information.

It seems the Nassau county police discovered the identity thefts, not the organization that was holding the patients' PII. Unfortunately this is often the case with identities stolen from healthcare organizations.

"she stole Social Security numbers and credit card information while she worked out of a [hospital] office." - Newsday
Organizations seeking to proactively detect identity theft and privacy data breaches, rather than learn about them from third parties, can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Winthrop-University Hospital worker charged with stealing patients' personal information, cops say - www.Newsday.com, 08/21/2015

Thursday, August 27, 2015

Court: FTC Has Authority to Regulate Data Security

A U.S. appeals court ruled the Federal Trade Commission (FTC) has authority to regulate corporate cyber security, and may pursue a lawsuit against a hotel operator for failing to properly safeguard consumers' information.

The 3rd US Circuit Court of Appeals in Philadelphia, in a 3-0 decision, upheld an April 2014 lower court ruling allowing the case to hold the hotel operator accountable for breaches customers' personal identifying information (PII) that led to over $10.6 million in fraudulent charges.

"It is not only appropriate, but critical, that the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information."
- FTC Chairwoman Edith Ramirez
If the FTC can take action against companies in any industry that don't adequately protect the customer PII in their possession, then companies need to be proactive in protecting such data. For proactive detection of PII theft by insiders, or hackers posing as insiders, organizations can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) FTC has power to police cyber security: appeals court - www.Reuters.com, 08/24/2015

Wednesday, August 26, 2015

Data Breaches at Record Highs - Up 2.2% Over 2014

As of August 18, 2015, US data breaches have reached record highs. Five-hundred and five breaches is a 2.2% increase over 2014's record number of 494 for the same time period, according to a report by the Identity Theft Resource Center (ITRC).

The business and healthcare industries top the list at 39.4 and 34.9, respectively. The ITRC compiles the breach list after confirming with various media sources as well as notifications from government agencies.

"The business and healthcare industries top the list at 39.4 and 34.9, respectively."
Organizations seeking to proactively detect identity theft and data privacy breaches by insiders, or a hacker posing as an insider, can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Identity Theft Breach Report 2015 - www.idtheftcenter.org, 08/18/2015

Tuesday, August 25, 2015

Feds Arrest Bank Employees for Tax Fraud Scheme

Federal investigators have indicted several employees from three Atlanta banks for their involvement in a tax refund fraud scheme. They filed more than 2,000 fraudulent tax returns in an effort to obtain more than $2 million in fraudulent tax refunds.

The ring leader recruited bank employees to open bank accounts using the personally identifying information (PII) of other individuals. The fraudulent refunds were deposited into these accounts and used to buy money orders which were cashed at check-cashing businesses around Atlanta. According to the investigators, the scheme operated from. February 2013 until March 2014. It is unknown at this time if the PII was stolen by the bank employees.

"fraudulent tax returns were filed using personally identifying information belonging primarily to elderly retirees and children aged 10 and younger."
-Biz Journals.com
It is unclear why the ID thefts went on for almost one year. Organizations seeking to proactively detect identity theft and data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Feds bust Wells Fargo, SunTrust and PNC bank employees in tax refund scam - www.BizJournals.com, 08/21/2015

Friday, August 21, 2015

Hospital Employees Fired for VIP Snooping

A Virginia hospital has disciplined, or in some cases fired, fourteen employees for snooping on the medical records of a high profile patient.

These fourteen employees were found to have inappropriately accessed the patient’s medical records without any clinical reason for doing so. The hospital, in accordance with HIPAA regulations, prohibits employees from accessing medical records if they are not directly involved in that patient’s care.

"Fourteen employees were found in violation of a patient’s privacy rights."
- The Roanoke Times
The hospital stated they "find out about patient privacy concerns through complaints or by monitoring high-profile patients’ medical records." Rather than depend on third parties or just monitoring VIPs, healthcare organizations can easily proactively detect all inappropriate activity by utilizing low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Carilion employees disciplined for violating patient privacy in high-profile case - www.Roanoke.com, 08/18/2015

Thursday, August 20, 2015

Fitness Club Employee Accused of Stealing Colleagues' IDs

The personnel manager of a fitness club in Maine has been charged by his employer of stealing "highly sensitive personal and financial information” about its employees." accussed

The company was concerned that the employee had downloaded confidential information to which he had access, such as ADP records, to his personal computer. These reports could contain personally identifiable information (PII) about approximately 900 of the company's employees, including the executive team.

"he has been charged with stealing highly sensitive personal and financial information” about [the company's] employees.."
- DataBreaches.net
It is unclear how they detected the identity thefts. Organizations seeking to proactively detect identity theft and data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Planet Fitness accuses former employee of stealing personnel data - www.DataBreaches.net, 08/18/2015

Wednesday, August 19, 2015

HCCA Web Conference: Detecting Insider Breaches, August 26, 2015

The Health Care Compliance Association (HCCA) is offering a web conference "Proactively Detect Healthcare Privacy Breaches and Identity Theft by Insiders" on August 26, 2015.

The web conference will teach techniques to detect privacy breaches not found by EHR standard reports - using software you know and have, with data your systems are already producing. To register click here.

Sources:
(a) Proactively Detect Healthcare Privacy Breaches and Identity Theft by Insiders - www.HCCA.org,

08/18/2015

Tuesday, August 18, 2015

Court to Consider Employer Liability for Employee Data Breaches

Employer liability for data breaches by its employees is an underdeveloped area of the law. However in Massachusetts there is a case pending to determine the scope of this liability.

The Adams v. Congress Auto Insurance Agency suit is about the alleged actions of an employee regarding the plaintiff's personal information. The employee's boyfriend hit a vehicle operated by Adams. The employee then accessed the insurance database for personal information about Adams which she gave to her boyfriend. Adams sued the insurance company for alleged emotional harm stemming from the intimidating phone calls by claiming the employer negligently permitted the employee to access and misappropriate his private information.

"internal data breaches are generally more prevalent and represent a primary source of concern for data security managers." - Privacy and Security Matters
While there are many external data breaches of a company’s electronic systems, internal data breaches are more prevalent and represent a source of concern for data security managers. Organizations seeking to proactively detect data privacy breaches by insiders, even those with authorized access, can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) ssachusetts Appeals Court Set to Consider Scope of Employer Liability for Employee Data Breaches - www.PrivacyAndSecurityMatters.com, 08/04/2015

Monday, August 17, 2015

Policemen Sued for Snooping on Colleague's Personal Information

Two Jacksonville police officers looked up the a Florida highway patrol trooper’s personal information using a police database that is limited to use in investigations. The trooper has now sued the city of Jacksonville and the two officers.

The trooper ticketed a Miami police officer for driving over 120 mph. After the incident garnered national attention the Florida Department of Law Enforcement found that police officers across the state looked up her personal information without a police-related reason.

"The [police] database is limited for use only for legitimate law enforcement purposes."
- FirstCoast News
Organizations seeking to detect that employees and contractors are only accessing databases for legitimate purposes can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Florida Highway Patrol trooper sues two Jacksonville cops, alleging they illegally looked up her information - www.FirstCoastNews.com, 08/15/2015

Friday, August 14, 2015

A Third of Workers Would Leak Biz Data for Right Price

A recent survey serves as a reminder about insider theft risk -- the possibility that a company insider will steal sensitive data. A third of employees would sell information on company patents, financial records and customer credit card details if the price was right, according to a survey of 4,000 employees in the UK, USA, Germany and Australia.

The poll also found that for £5,000 ($8,000 USD) a quarter of them would steal sensitive data, risking their job and criminal convictions. The number of employees open to bribes increased to 35 per cent when the offer was increased to £50,000 ($80,000 USD).

"three per cent of employees would consider offers as low as $150 [to leak data]." - The Register
While preventive measures such as staff training are helpful, detective measures such as proactive data breach detection is critical for a comprehensive data risk management.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) A third of workers admit they'd leak sensitive biz data for peanuts - www.TheRegister.co.uk, 07/29/2015

Wednesday, August 12, 2015

Hospital Employee Stole Coworkers' IDs for Credit Card Fraud

A Florida hospital employee was arrested and charged with stealing co-workers’ identities to shop and pay her bills. Most of her 20 victims were employees at the hospital where she worked.

Police suspect she used the stolen identities to open fraudulent accounts and charge abut $20,000. The identity thefts were discovered when one of the victims contacted police.

"Police soon discovered [she] had stolen 20 identities to purchase items at Nordstrom and to pay her bills,." - Arrest report
Unfortunately identity theft is often discovered by a third party, rather than the organization that is holding the personal identifying information (PII). Organizations seeking to proactively detect identity theft and data privacy breaches, rather than learn about them from third parties, can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Woman accused of stealing identities of coworkers, going shopping - www.Sun-Sentinel.com, 08/10/2015

Tuesday, August 11, 2015

Hospital Employee Stole Patient IDs for $9M Tax Fraud Scheme

A military hospital employee has been sentenced to about 13 years in prison for her role in a stolen identity theft ring. More than 1,000 stolen identities, 9,000 false tax returns, claimed more than $24 million and resulted in about $9 million paid out by the IRS in fraudulent refunds.

She stole the identities of 99 soldiers, some of whom were deployed to Afghanistan when their identities were stolen. Her co-conspirators included a U.S. Postal Service employee recruited to deliver the fraudulent returns to different addresses that were within the rings control.

"The amount of money involved (in this scheme) is mind boggling." - US District Judge Kristi DuBose
It is unclear how the identity thefts were discovered but often in tax refund fraud cases the IRS, rather than the organization holding the victims' personal identifying information (PII), is first to know. Organizations seeking to proactively detect identity theft and data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) 8 sentenced in $9 million fraud scheme - www.MontgomeryAdvertiser.com, 08/07/2015


Monday, August 10, 2015

Insider Stole IDs to Obtain Welfare Benefits

An employee of the Florida Department of Children & Families stole the identities of public-assistance applicants and used them to obtain benefits for her own family members.

Miami-Dade prosecutors say that for nearly four years, she used her position to help steal the the identities of several unsuspecting people, getting fraudulent benefit cards used to buy nearly $20,000 in food and groceries

" for nearly four years, she used her position to help steal the the identities of several unsuspecting people." - Miami-Dade prosecutors
The identity thefts were discovered when someone complained someone was using her and her childrens' identities to receive benefits. Unfortunately, it is often the case that a third party, not the organization holding personal identifying information (PII), who discovers the ID theft. Organizations seeking to proactively detect
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) State: DCF employee, husband stole identities to get public assistance - www.MiamiHerald.com, 06/05/2015

Friday, August 7, 2015

Prison Officer Fined for Snooping on Prisoners' Records

A senior prison officer has pleaded guilty to unlawfully using a work computer to obtain information about prisoners involved in a drugs syndicate. He said he snooped out of curiosity, not for any personal gain.

The Perth, Australia magistrate accepted that his acted out of curiosity and fined him $5000AUD.

"A senior prison officer who used a work computer to obtain information about prisoners involved in a drugs syndicate "out of curiosity" has been fined $5000."
- NTnews.com.au
It is unclear how the data privacy breach was discovered. Organizations seeking to proactively detect identity theft and data breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) WA prison officer fined for snooping - www.NTnews.com.au, 08/07/2015

Thursday, August 6, 2015

Privacy Commissioner at Odds Over Disclosing Action Against Snooping Healthcare Worker

A records clerk at a Canada hospital viewed her own medical as well as five other individuals’ health records without a need-to-know. According to the Saskatchewan information and privacy commissioner the employee viewed the private information to satisfy curiosity and alleviate boredom.

The commissioner's office made a number of recommendations, including to "Disclose the details of the disciplinary action taken against the employee to the affected individual(s) and to all regional health authority employees and practitioners." The hospital however feels that would be disclosing personal information. The commissioner agrees but stated "however, given the seriousness of employee snooping and how it undermines patient trust, I would argue that there is a public interest disclosure of such personal information".

"given the seriousness of employee snooping and how it undermines patient trust, I would argue that there is a public interest disclosure of such personal information."
- Saskatchewan information and privacy commissioner
The privacy breach came to light in early 2015 through a regular audit. While the commissioner recommended "monitor employees who have snooped for a period of years instead of months" all employees and contractors should be monitored frequently to proactively detect insiders who steal IDs or breach data privacy. This can effectively and efficiently be accomplished by utilizing low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Sask. privacy commissioner, SHRA at odds over privacy breach - www.GlobalNews.ca, 08/04/2015

Wednesday, August 5, 2015

Correctional Officer Stole Inmate IDs for Tax Fraud Scheme

A correctional officer in Alabama has been sentenced to sentenced to 32 months in prison for his involvement in a stolen identity tax refund fraud (SIRF) scheme.

He stole the personal identification information (PII) of approximately 150 individuals who were processed at the jail between January 2014 and January 2015, according to court documents. He then provided those identities to his co-conspirators who filed fraudulent federal income tax returns claiming fraudulent. The now former correctional officer was paid in pre-paid debit cards in the names of the identity theft victims for his involvement in the scheme.

"It is always a sad day when a law enforcement officer sworn to uphold the law, takes advantage of his position for his own personal gain." - US Attorney Beck
It is unclear how the identity thefts were discovered and why they went on for a year. Organizations seeking to proactively detect identity theft and privacy data breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Former correctional officer sentenced to prison for stealing identities of Troy jail inmates - www.AL.com, 08/04/2015

Tuesday, August 4, 2015

DOD Insider Stole Classified Data from Military Computers

A Florida man, while working as a contract computer systems administrator, accessed a classified Department of Defense network without authorization and removed classified national defense information including intelligence reports and military plans. He has been sentenced to 120 months in prison.

Assistant Attorney General Carlin said "[The man] exploited his position as a cleared military contractor and systems administrator to steal classified U.S. military secrets. In doing so, he violated the unique trust placed in him by the Department of Defense. Insider threats by trusted employees who exploit computer access are a significant danger to U.S. national security and this sentencing shows it will not be tolerated.”

"Insider threats by trusted employees who exploit computer access are a significant danger to U.S. national security. "
- Assistant Attorney General Carlin
It is unclear how this insider data theft was discovered. Organizations seeking to proactively detect data theft, even by authorized users, can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Former DOD Contractor/Sysadmin Sentenced for Accessing and Removing Classified Information from Military Computers (updated) - www.DataBreaches.net, 08/01/2015

Monday, August 3, 2015

Hospital Employee Stole Patient IDs for Tax Fraud Conspiracy

A hospital employee who stole patient identities, including Social Security numbers, and then used them to file fraudulent tax returns was among four people sentenced to prison for conspiracy to commit fraud and identity theft, according to the United States Attorney for the Middle District of Georgia. Over 1,100 fraudulent tax returns were filed between January 2011 and February 2013 and $1,107,802 in refunds were obtained from the IRS.
"[She] was employed at [the hospital] during the time of the conspiracy."
- US Attorney, Middle District Georgia
It is unclear how the identity thefts were discovered. Healthcare organizations seeking to proactively detect identity theft and privacy data breaches can utilize low-cost on-demand SaaS analytics services.
Down
Sources:
(a) Four Sentenced For Filing Over 1100 Fraudulent Tax Returns In South Georgia - www.DataBreaches.et, 08/01/2015

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.