A Florida healthcare worker has been indicted by a U.S. district court for swiping the Social Security numbers and personal data of some 9,000 patients and using them for fraudulent purposes.
Yvenante Achille, 30, an employee of an unnamed community health center in Miami, was indicted April 3, for allegedly accessing and stealing patient identifiable information, according to a press statement from the U.S. Department of Justice. Officials charge that Achille was able to access a computer database at the health center to obtain the Social Security numbers, dates of birth and names of patients for the better part of a year – from August 2013 through March 2014 – which were then provided to a co-conspirator. Using that patient data, the co-conspirator was allegedly able to file a fraudulent tax return.
Achille was charged with seven counts of identity theft, possessions of unauthorized devices and fraud.
This incident, as federal officials emphasized, is far from an isolated event, particularly in Florida. In 2014, Florida saw the highest rate of identity theft in the U.S., according to Federal Trade Commission data, reaching a rate of 186.3 identity theft complaints per 100,000 residents. Miami, specifically, has seen identity theft rates reach "near epidemic proportions," seeing a rate of 316.2 complaints per 100,000 residents.
"HSI will not tolerate criminals taking advantage of our citizens through identity theft schemes, and we will continue to work hand-in-hand with our law enforcement partners to bring them to justice," said Alysa D. Erichs, special agent in charge of Homeland Security Investigations Miami, in an April 9 DOJ press release announcing a list of indictments, including Achille's. "Identity theft causes distressing hardships for many citizens and has a devastating impact on the entire community."
Speaking to Healthcare IT News in April 2014, Suzanne Widup, senior analyst on the Verizon RISK team, said they see insider misuse "quite a bit," especially affiliated with organized crime groups where they either have someone recruited as an insider or they are specifically send to get a job in healthcare where they will eventually facilitate access to sensitive information that's easily monetized, like Social Security numbers associated with patient records.