[BreachExchange] Feds bust dozens for ID theft, including former Jackson Health secretary

Audrey McNeil audrey at riskbasedsecurity.com
Tue Jan 31 19:09:30 EST 2017


http://www.miamiherald.com/news/health-care/article129792849.html

Calling South Florida the “epicenter of identity theft,” U.S. Attorney
Wifredo Ferrer on Tuesday announced federal charges against more than 100
suspected fraudsters involved in various schemes to steal personal
information from tens of thousands of victims — and using that data in an
attempt to steal more than $60 million.

Among those charged is a former secretary for Jackson Health System who is
accused of playing a key role in a scheme that stole more than 24,000
patient records and used the information to file fraudulent tax returns
with the Internal Revenue Service.

“These identity thieves are stealing the blueprints of our lives,” Ferrer
said during a press conference where he was joined by representatives from
dozens of federal agencies involved in the crackdown, including the IRS and
FBI.

The bust announced Tuesday is among the biggest since federal, state and
local officials formed the South Florida Identity Theft Fraud Strike Force
to combat the rise in tax refund scams in 2012.

Charges have been filed against 104 defendants in 81 cases where the
personal information of more than 30,000 individuals was “compromised,”
Ferrer said. He added that 64 people have been arrested or are already in
custody in connection with the bust.

Ferrer noted that identity thieves can strike at hospitals, gas stations
and even homes through phone calls and emails soliciting personal
information. Among the identity theft crimes alleged were credit card fraud
and takeovers of credit card accounts, cell phones and even government
programs, such as Social Security and unemployment benefits.

The most prolific of the alleged identity thieves announced Tuesday was
Evelina Sophia Reid, a hospital unit secretary and Jackson Health employee
since 2005. A grand jury indicted Reid this month, charging her with 14
counts of computer fraud, identity theft and possession of patients’
personal information, including birth dates and Social Security numbers.

Ferrer said hospitals and other institutions, such as schools and large
employers, need to do a better job of protecting personal identifying
information from thieves.

“They need to have robust safeguards to make sure this type of information
is not so easily accessible,” he said. “What we have seen over and over
again is that way too many employees have access to this information.”

According to the indictment, Reid stole patient records from computers at
Jackson — Miami-Dade’s public hospital system — and then delivered the
information to accomplices who filed fraudulent tax returns for those
patients.

If convicted of the charges, Reid could face dozens of years in prison.

Reid was suspended in February 2016 on suspicion of stealing reams of
private patient information between 2012 and 2016. Calling Reid a “rogue”
employee, Jackson officials placed her on administrative leave and stripped
her of access to all hospital facilities and records in February 2016. At
the time, hospital officials said Reid’s theft may have compromised more
than 24,000 records over five years.

Jackson Health officials did not immediately respond to a request for
comment about Reid and the hospital system’s measures to deter identity
theft among patients.

But in a February 2016 memo to Miami-Dade commissioners, Jackson CEO Carlos
Migoya said the hospital was cooperating with police to investigate Reid’s
involvement in the theft of patients’ private information, which is
protected under federal law through the Health Insurance Portability and
Accountability Act, or HIPAA.

With Jackson Health in the midst of a $1.4 billion makeover, much of it
paid for with taxpayer-financed bonds, Migoya noted the harm that such data
breaches can cause to Jackson Health and its efforts to attract more
patients.

“For Jackson’s transformation to continue succeeding,” he wrote last year,
“we must have an impeccable reputation for respecting the privacy of our
patients and their records. Even one dishonest employee can tarnish the
reputation of our 11,000 committed and loyal healthcare professionals.”

At the time, Migoya wrote that Jackson Health was in the process of
upgrading security for private patient information, and that the hospital’s
estimated 11,000 employees had completed additional training on patient
privacy.

The hospital system said it also notified patients whose personal
information may have been stolen, and offered to pay for credit-monitoring
services.