University of Florida reports patient identity theft ring

[InfoSec News <alerts () infosecnews org>]

http://healthitsecurity.com/2013/04/04/university-of-florida-reports-patient-identity-theft-ring/

By Patrick Ouellette
Health IT Security
April 4, 2013

The University of Florida (UF) medical clinic announced yesterday that a 
former medical clinic employee, Arthur Thomas, had breached the data of 
nearly 15,000 patients as part of an identity theft ring.

Thomas was arrested Tuesday, according to The Gainesville Sun, and stole 
patient data from UF&Shands Family Medicine at Main from March 2009 and 
October 2012 and included patients’ insurance information, names, 
addresses, dates of birth and Social Security numbers while selling the 
information to a third party. The university learned of the breach on 
Oct. 25, but state law enforcement prevented it from notifying patients 
until the criminal investigation was complete. Though it’s unsure how 
much of the patient data was sold, UF sent out letters to 14,339 
patients, but was unable to find addresses for 450 of them.

There was also a second accomplice in the data theft, Daremia Crews, who 
was arrested by the State Attorney’s Office in January. Crews was an 
intern at the Brentwood Primary Center, affiliated with Shands Hospital 
at Jacksonville, and she allegedly sent 261 identities to her ring 
source. The Office of the State Attorney, Internal Revenue Service and 
U.S. Secret Service have been involved with the ongoing investigation as 
well.

[...]

______________________________________________
Attend #HITB2013AMS April 8th - 11th in Amsterdam.
Featuring over 42 international speakers and keynotes
by Bob Lord and Edward Schwartz http://conference.hitb.org