Nassau County DA says multiple ID theft crews hit North Shore-LIJ

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.phiprivacy.net/?p=11853

More information has been disclosed about data security breaches
affecting patients at North Shore University Hospital – Long Island
Jewish Hospital. In April 2012, we learned that there had seemingly
been two separate incidents, one involving a nurse from Brooklyn. But
it seems that there was a lot more data theft and misuse going on than
we previously knew. Matthew Chayes reports that there have been at
least three separate ID theft crews that have stolen patient face
sheets with patients’ information. At least one of the criminal
enterprises involved an insider. As Chayes reports:

According to prosecutor Kellie McKenna, to date five people have been
arrested in the cases, and several have pleaded guilty. There is a
warrant out for one of the thieves.

In one case, a worker tasked with doing intake for hospital employees
who needed physicals is accused of stealing or photocopying their face
sheets. A cohort, who did not work at the hospital, was caught using
the stolen data at the music store Sam Ash in Carle Place and Walmart
in Westbury, according to court records.

In another case, a crew used information gleaned from the face sheets
to go shopping at stores all over the Eastern Seaboard. More than 100
patients were targeted in that scam alone.

Prosecutors secured several guilty pleas in that case, jail time was
served, but the actual thief or thieves who obtained the face sheets
was never found, nor was it conclusively determined how they were
obtained.

“But wait, there’s more,” it seems. Chayes also reports that there is
also an ongoing investigation of “several workers employed at medical
practices affiliated with North Shore-LIJ. They are suspected of
filching patient information to file false tax returns under those
patients’ names and obtain fraudulent tax refunds.”

As noted previously on this blog, a class action lawsuit was filed
against the health system.

There is no breach incident for North Shore University Hospital or
North Shore-LIJ Health System listed on HHS’s breach tool, nor for any
of their other hospitals.

If the hospital has been the victim of three or more breaches that
they failed to prevent or detect, I can only imagine that they are in
for a serious investigation by HHS.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.