Wednesday, September 30, 2015

Class Action Insider Patient Data Theft Suit Can Proceed Against Hospital

A class action lawsuit filed by patients against a hospital over the alleged theft of private patient information by an employee has survived a motion to dismiss.

The judge rejected the hospital's argument that future injuries is not legally sufficient to justify the claim. The hospital also argued that while fraudulent tax returns may have been filed in the names of some of the plaintiffs, they failed to show any actual monetary losses. The US District Court judge, however, ruled in favor of the plaintiffs saying “Though they were given careful consideration, defendant’s arguments are ultimately unpersuasive."

"The suit claims the hospital failed to properly safeguard the patient information.."
- The Dothan Eagle
The patient ID thefts went on for almost a year and were probably discovered by law enforcement, not the organization holding the PII. With more class action suits being filed by victims of ID thefts organizations must utilize proactive breach detection solutions such as second-generation behavioral analytics.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Data breach lawsuit against Flowers Hospital survives motion to dismiss - www.TheDothanEagle.com, 09/27/2014

Tuesday, September 29, 2015

Telecom Contractor Stole Customer IDs with Camera

A telecom company has alerted over 200 customers that their personal identifiable information (PII) may have been breached by a contractor.

The telecom spokesperson said it's their understanding that the insider collected the PII by "photographing computer screens where the personal information was displayed." While he went on to say that "such methods make data theft very hard to detect" that statement is not true. There are second-generation proactive analytics that can detect data theft by photographing computer screens.

"[the telecom] spokesperson said the information was collected by photographing computer screens where the personal information was displayed."
- The Star Phoenix
This insider data theft was another case where law enforcement discovered the privacy breach, not the organization holding the PII. Organizations seeking to proactively detect identity theft and data privacy breaches, before third parties do, can utilize on-demand analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) http://www.thestarphoenix.com/touch/story.html?id=11383587 - www.TheStarPhoenix.com, 09/23/2015

Monday, September 28, 2015

Ringleader of $24M ID Theft, Tax Fraud Scheme Sentenced

A woman who worked in a military hospital in Georgia, where she had access to the identification data of military personnel, including soldiers who were deployed to Afghanistan, stole the personal information (PII) of soldiers and used it file false tax returns. She has been sentenced to 15 years in prison.

She and her co-conspirators filed more than 9,000 false individual federal income tax returns that claimed more than $24 million in fraudulent claims for tax refunds. The IDs used in the tax fraud scheme not only came from the US Army but were stolen from a number of organizations including Alabama state agencies and a Georgia call center.

"[she]worked at the hospital...where she had access to the identification data of military personnel, including soldiers who were deployed to Afghanistan."
- Court documents
The identity thefts and fraudulent tax refund scheme occurred from January 2011 through December 2013. It is unclear why the ID thefts went on for such a long time period. The only method to detect such data thefts by an insider is with second generation behavioral analytics.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Ringleader of $24 Million Stolen Identity Tax Refund Fraud Ring Sentenced to 15 Years in Prison - www.DataBreaches.net, 09/27/2014

Friday, September 25, 2015

Bank Insider Stole 700,000 Customer IDs Over Three Years

A former wealth management adviser at a multinational financial services institution pleaded guilty to stealing confidential information on more than 700,000 client accounts over a three and a half year period.

He illegally accessed account holders' names, addresses and other personal information, along with investment values and earnings, from computer systems used by company to manage confidential data.

"Experts Question Why Company Didn't Detected Unauthorized Access Sooner"
- Banking Info Security
Experts are questioning why these breaches went on for so long. But the only method to detect such inappropriate access by an insider is with second generation behavioral analytics.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Guilty Plea in Morgan Stanley Insider Breach - www.BankInfoSecurity.com, 09/25/2015

Expect HIPAA Noncompliance Fines for BAs?

According to privacy attorney Adam Greene, we'll soon see HIPAA on complaince enforcement against a business associate (BA).

The Department of Health and Human Services' Office for Civil Rights generally takes two to three years to settle cases, and business associates first became directly liable for HIPAA compliance in September 2013. Therefore Greene said "I wouldn't be surprised that within the next year we see our first business associate [enforcement] action from something that happened in 2013 or 2014." He advises BAs to pay attention to the issues involving OCR settlements with covered entities.

"OCR is really looking at all the places you have PHI, all the threats to that, all the vulnerabilities and all the corresponding risks, which is very different from a gap assessment."
- Adam Greene, partner Davis Wright Tremaine LLP
According to Greene, "the risk assessment continues to be the biggest challenge, and a lot of it is not having a risk assessment that aligns with OCR guidance." Organizations conducting risk assessments and seeking to proactively detect data privacy breaches can utilize SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Expect HIPAA noncompliance fines for BAs soon, attorney says - www.FierceHealthIT.com, 09/17/2015

Thursday, September 24, 2015

Nursing Home Employee Guilty of Stealing Resident's ID for Fraud

An employee of a senior center in Alabama has been sentenced to four years in prison for stealing the identity of a resident at the center and using it to steal over $300,000 from bank and credit accounts.

From October 2011 through February 2014 the employee carried out a scheme to defraud the resident's credit union account without the victim's authorization. She used the victim’s credit cards to charge thousands of dollars for expenses that "included financing her own wedding, applying money to someone’s prison account, making car and private school tuition payments, and taking trips."

"[she used] the identity of a resident with dementia to steal more than $300,000 from the resident’s bank and credit accounts."
- US Attorney Joyce White Vance
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Former Hoover senior center employee sentenced for identity theft - www.GadsdenTimes.com, 09/17/2015

Tuesday, September 22, 2015

Policeman Fired for Privacy Beach of Colleague's Records

A policeman has been fired for gross misconduct. Without permission he accessed a colleague's computerized application for a job promotion and disclosed the information to another officer who was applying for the promotion.

The officer's misconduct hearing found he "lacked honesty, integrity and confidentiality, which are fundamental values that police officers need to portray in order to maintain public confidence."

"This was a deliberate and flagrant breach of honesty and integrity, and a significant breach in his colleagues’ confidence and trust."
- Police hearing panel
It is unclear how the privacy breach was discovered. Organizations seeking to proactively detect data privacy breaches and identity thefts can utilize SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Police officer dismissed for gross misconduct - www.SuffolkFreePress.co.uk, 09/15/2015

Monday, September 21, 2015

Pharmacist Charged with Privacy Breaches of Prescription Records

A South Carolina drug screener and a pharmacist have been charged with conspiring to steal confidential patient prescription records from a state database so attorneys could use them in Family Court cases.

The two men allegedly plotted to illegally pull information from the state’s prescription database, which more than 63 million records. The restricted system allows officials to monitor for potential misuse of powerful narcotics such as Oxycontin while protecting patient confidentiality.

"As a pharmacist, he has access to the prescription database. But he is accused of illegally pulling records of people not in his care and giving those records to [attorneys]."
- The Post and Courier
It is unclear how the privacy breaches were discovered or over what period of time they occurred. Organizations seeking to proactively detect privacy breaches and identity theft can utilize SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Drug tester, pharmacist deny wrongdoing in alleged prescription records breach - www.PostAndCourier.com, 09/11/2015

Friday, September 18, 2015

SCCE Compliance & Ethics Institute, Oct 4-7, 2015

The Society of Corporate Compliance and Ethics (SCCE) is holding their 14th Annual Compliance and Ethics Institute from October 4-7, 2015 in Las Vegas, Nevada.

This conference is the primary education and networking event for professionals working in the Compliance and Ethics profession across all industries around the world. Sessions at the 2015 conference will offer the latest compliance information on hot topics and current events.

"Sessions are carefully selected and will be presented by leading experts who will explore real-world compliance issues, practical application, emerging trends, and state of the art techniques." - SCCE
John Vastano, PhD, Chief Scientist of Veriphyr, has been invited to lead a a 3.5 hour hands-on tutorial "Immediately Address IT Access Compliance Challenges with These Techniques, Using Tools You Already Have." Details on this and other sessions can be viewed here.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Compliance and Ethics Institute - www.CorporateCompliance.org, 9/17/2015

Thursday, September 17, 2015

Employee Used Police Database for Fraud

/> A former Florida police department civilian employee has been indicted on charges she conspired to commit fraud and illegally used police databases in connection with the scheme.

A co-conspirator would give her license plate numbers of the elderly and she would look up their personal information (PII) in the police databases. The indictment claims she knew this PII would be used to commit crimes, including filing false federal income tax returns and identity theft.

"she gave information from law enforcement databases to others, knowing it would be used to commit crimes, including filing false federal income tax returns and identity theft." - Court documents
It is unclear how the identity thefts were discovered or over what time period they occurred. Organizations seeking to proactively detect identity theft and data privacy breaches can utilize SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Learn how Veriphyr Identity and Access Intelligence delivers business insights - with no hardware and no on-site software.
Sources:
(a) Former civilian employee for Tampa police department indicted on fraud charges - www.TBO.com,
12/14/2015

Wednesday, September 16, 2015

Employee Sued for Stealing Employer Proprietary Info

An former employee of a financial services firm is being sued for allegedly breaching a non-compete clause by stealing client lists and targeting clients after he joined a similar firm.

The plaintiff asserts it determined the defendant downloaded confidential information, such as price list secrets and other proprietary information, in the weeks prior to his leaving the firm.

"[Plaintiff] claims [employee] breached a non-compete clause by stealing client lists and targeting clients after he joined a similar firm." - Court documents
It is unclear how the plaintiff first learned about the data breach. Organizations seeking to proactively detect data theft by employees and contractors can utilize SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Former employee sued for allegedly breaching non-compete clause, stealing proprietary information - www.LousianaRecord.com, 09/08/2015

Tuesday, September 15, 2015

Nurse Snooped in Patients' Records

A nurse was found to have snooped in the medical records of 20 patients on 66 different dates over a period of 13 months, according to the New Zealand Health Practitioners' Disciplinary Tribunal. She not only lost her job but was ordered to pay $26,400 toward the costs of the 4 day hearing.

The Tribunal said the breaches were misconduct and could not be defended by cultural differences; they rejected the defense that "everyone else was doing it."

"many of her forays into medical files were "a matter of curiosity", which could not be excused by claims of concern, professional interest, follow up or training."
- Health Practitioners' Disciplinary Tribunal
The breaches were discovered by an audit but it is unclear why the inappropriate access went on for 13 months. Frequent audits on every worker, not just a sample, to proactively detect privacy data breaches are easily accomplished with SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Snooping MidCentral Health nurse censured - www.Stuff.co.nz, 09/09/2015

Monday, September 14, 2015

SCCE Web Conference: Detecting Insider Breaches, Sept 23, 2015

The Society of Corporate Compliance and Ethics (SCCE) is offering a web conference "Proactively Detect Insider Breaches and Data Theft by Employees and Contractors" on September 23, 2015.

The web conference will teach techniques to detect insider breaches not found by SIEMs DLP or other network security tools - using software you know and have, with data your systems are already producing. To register click here.

Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Proactively Detect Insider Breaches and Data Theft by Employees and Contractors - www.CorporateCompliance.org, 09/01/2015

Friday, September 11, 2015

Hospital Insider Stole and Sold Patient Records for 10 Yrs

A hospital clerk pleaded guilty to stealing and selling thousands of patient records over a ten year period.

She accessed and stole maternity records, including the names of mothers and names and birth dates of their babies, and then sold them to financial brokers. Victims of these identity thefts have filed a $412 million class action suit against the hospital. It is estimated that at least 14,450 mothers may have had their confidential patient information stolen.

"[She] engaged in a prolonged campaign to exploit her employment position to mine for and create investor lists solely for profit."
- Ontario Securities Commission
It is unclear how the identity thefts were discovered or why they were allowed to occur for ten years. Organizations seeking to proactively detect identity thefts and privacy data breaches can utilize SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Hospital clerk pleads guilty to stealing, selling patient records - www.TheStar.com, 08/31/2015

Thursday, September 10, 2015

Small MD Practice Fined $750K for HIPAA Privacy Violations

A group practice of 13 oncologists has agreed to pay a $750,000 fine to the Health and Human Services department (HHS) for potential HIPAA privacy violations.

In addition to paying $750,000 the Indiana practice will adopt a robust corrective action plan to correct deficiencies in its HIPAA compliance program. According to Office of Civil Rights director Joceyln Samuels, "Organizations must complete a comprehensive risk analysis and establish strong policies and procedures to protect patients’ health information."

"$750,000 HIPAA settlement emphasizes the importance of risk analysis."
- OCR Director Jocelyn Samuels
Part of a comprehensive risk assessment is controlling access to personal health information (PHI). In addition to preventive controls strong detective controls are key to protecting PHI. Organizations can proactively detect inappropriate access and data theft, even by authorized users, by utilizing SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) HSS Privacy Enforcement Cancer Care Group, P.C. - www.HHS.gov, 09/02/2015

Wednesday, September 9, 2015

Man Sentenced in Florida State ID Thefts, Tax Fraud Scheme

A Florida man has been sentenced to 30 months in prison for his role in an identity theft tax refund fraud scheme that utilized identities from the State of Florida Department of Children and Families (DCF) database.

The personal identification information (PII) – names, dates of birth and social security numbers – of hundreds of individuals was stolen. The fraudulent tax returns were filed between February - July 2014. It is unclear over what time period the identities were stolen from the DCF.

"names, dates of birth and social security numbers – of hundreds of individuals were stolen."
- DataBreaches.net
Unfortunately, as is often the case, law enforcement, rather than the organization holding the PII, discovered the identity thefts. Organizations seeking to proactively detect identity thefts and data privacy breaches can utilize SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Florida Man Sentenced in Stolen Identity Tax Refund Fraud Scheme - www.DataBreaches.net, 09/02/2015

Friday, September 4, 2015

IRS Worker Sentenced for ID Thefts, Tax Fraud

An IRS worker stole taxpayer identities to submit fraudulent tax returns and then pocketed the refunds.

The identity thefts took place over a two year period during which he received $120,000. The court sentenced him to two years in prison and ordered to pay restitution.

"[He] filed more than 50 fraudulent tax returns from 2013 to 2015."
- CPA Practice Advisor
It is unclear why the ID thefts went on for two years or how the identity thefts were discovered. Unfortunately, it is often the case that third parties, rather than the organization holding the identity information, detects the data theft. Organizations seeking to detect ID thefts and data privacy breaches can utilize SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) IRS Workers Busted for ID Theft, Filing Bogus Returns - www.CPAadvisor.com, 09/01/2015

Wednesday, September 2, 2015

College Employee Stole Student IDs for Tax Fraud

A college student stole fellow student IDs while working as a student service assistant at a Florida college and used them to file fraudulent tax returns. Allegedly the thefts of personal identifying information (PII) took place from February 2013 to June 2014.

The now former student has been sentenced to 36 months in prison and ordered to pay $19,083 in restitution.

"The [identity thefts] allegedly happened from February 2013 to June 2014.."
- Court documents
It seems that law enforcement, rather than the organization holding the PII, discovered the identity thefts. Organizations seeking to proactively detect identity theft, rather than learn about it from third parties, can utilize SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) SOURCE_TITLE - SOURCE_NAME_AND_DATE

Popular Posts

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.