Hospital employee indicted for fraud after swiping data of 12K
A former employee at a major New York health system has been indicted, along with seven others, for stealing personal data of 12,000 patients, enabling more than $50,000 in fraud.
Manhattan's district attorney last week announced the indictment of Monique Walker, 32, a former assistant clerk at the eight hospital Montefiore Health System, for swiping patient data and supplying it to an identity theft ring. Walker, who had access to patient names, Social Security numbers, dates of birth, among others, reportedly printed the records of as many as 12,000 patients and supplied them to seven other individuals who used the data to make multiple purchases from department stores and retailers.
[See also: Healthcare security: Adapt or die.]
Walker, according to the New York County’s District Attorney’s office, sold the patient records for as little as $3 per record. Co-conspirators were able to open credit cards and make several unauthorized big ticket purchases at Barneys New York, Lord & Taylor and Bergdorf Goodman, among others. Defendants have been charged with grand larceny, unlawful possession of personal identification information, identity theft and criminal possession.
"In case after case, we've seen how theft by a single company insider, who is often working with identity thieves on the outside, can rapidly victimize a business and thousands of its customers," said New York County District Attorney Cyrus R. Vance Jr. in a June 18 press statement announcing the indictment. "I thank Montefiore Medical Center for taking immediate steps to alert authorities to ensure that those involved are held responsible, and moving swiftly and responsibly to notify and protect patients."
The case of insider misuse with patient data within healthcare organizations is nothing new. In fact, according to Verizon's annual data breach investigations report published this spring, security incidents caused by insider misuse – think organized crime groups and employee snooping – jumped from 15 percent last year to 20 percent in 2015.
"We're seeing organized crime groups actually position people where possible in healthcare organizations so they can steal information for tax fraud," Suzanne Windup, senior analyst on the Verizon RISK team, told Healthcare IT News this spring. "As organizations are putting in better monitoring and they're reviewing access logs, they're finding more cases of snooping."
[See also: Report: Healthcare state of security a mixed bag.]
As Cathleen A. Connolly, FBI supervisory special agent explained at Healthcare IT News' Privacy & Security Forum this past March, "your people that work for you are a very large threat," speaking in the context of combatting insider threats within healthcare.
What's more, according to data from the U.S. Department of Health and Human Services, unauthorized access or disclosure accounts for 5.3 million of the patient data compromised in HIPAA breaches.