BreachExchange mailing list archives
PA health system reports 144-patient data, identity theft
From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Thu, 14 Mar 2013 13:08:04 -0400
http://healthitsecurity.com/2013/03/13/pa-health-system-reports-144-patient-data-identity-theft/ In what’s turned out to be a multi-layered case, 144 patients of Community Hospital in Chester and Crozer-Chester Medical Center in Upland, PA had their names, dates of birth and Social Security numbers stolen in an IRS tax fraud sting from January 2008 to September 2011. Rafael Henriquez Polanco, 30, and wife, Yanira Lopez, 27, according to delcotimes.com, allegedly filed fraudulent tax returns with fake W2 forms, sought $1.7 million in refunds and ended up with $257,710 in return money from the U.S. Department of the Treasury. The couple had paid hospital employees to steal confidential medical forms and from there they would use those forms to steal patient identities. The couple is facing charges ranging from conspiracy to defraud the government, aggravated identity theft, passport fraud and presentation of an immigration application containing a false statement. The report also says that Lopez was charged with wire fraud and is looking at 52 years in prison if convicted while Polanco faces 32 years in jail if convicted. The U.S. Department of State Diplomatic Security Service, the Department of Labor, IRS Criminal Investigations, and Immigration and Customs Enforcement Homeland Security Investigations handled the case and charges. But one has to wonder whether the Department of Health and Human Services (HHS) plans on getting involved in the case to see if Crozer could have prevented the patient data theft. Polanco and Lopez were Crozer Keystone Health System and, according to philly.com, Crozer spokesman Grant Gegwich said two employees, non-professional employees of the hospital employees, have been terminated for their involvement. While there were no other details, Gegwich said procedures for handling and disposal of documents containing patient information have been modified. Considering that Gegwich said the hospitals were notified of the information theft in October 2011, will those modifications be sufficient if HHS or the Office for Civil Rights (OCR) comes knocking? _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges.
Current thread:
- PA health system reports 144-patient data, identity theft Erica Absetz (Mar 15)