Skip to navigation

DataBreachToday.eu

spacer
  • USA
  • UK
  • Europe
  • India
  • Asia
  • Sign In
  • Subscribe
  • Home
  • Articles

ID Theft Incident Leads Breach Roundup

Employee Stole Information on 2,800 Patients

By Jeffrey Roman, February 13, 2013. Follow Jeffrey @ISMG_News
Credit Eligible
  • spacer spacer
  • spacer
  • spacer spacer spacer
spacer
spacer

In this week's breach roundup, a former employee at the Palm Beach County Health Department in Florida has been charged with identity theft. Also, security vendor Bit9 reports a breach that caused the issuance of digital certificates that were illegitimately used.

Arrest in Florida ID Theft Case

A former employee at the Palm Beach County Health Department in Florida has been arrested and charged with identity theft.

Related Content

  • CapOne Site Takes DDoS Hit
  • Vulnerability Floors Vulnerability Database Site
  • ID Theft: 2013 Top Trends
  • 2012's Top Breaches & Lessons Learned
  • The Security Highlight of HIPAA Omnibus

Related Whitepapers

  • Kroll Advisory Solutions 2013 Cyber Security Forecast

Salita St. Simon, formerly a senior clerk at the health department, allegedly obtained patient identification information, including names and Social Security numbers, from the health department's computer system and then provided it to others who used it to file fraudulent tax returns, according to the U.S. Attorney's Office for the Southern District of Florida.

St. Simon allegedly stole information on more than 2,800 patients last year, authorities say.

If convicted, St. Simon faces up to five years in prison and three years of supervised release.

Vendor Concedes It Let Its Guard Down

Bit9 says its failure to install its own information security products to detect intrusions on its network has resulted in a breach, causing the issuance of digital certificates that were used illegitimately to sign malware affecting three customers.

President and Chief Executive Patrick Morley, in a Bit9 blog post, characterizes the failure as an "operational oversight," adding that its products were not compromised. "We simply did not follow the best practices we recommend to our customers by making certain our product was on all physical and virtual machines within Bit9," he says.

Bit9 says it had notified affected customers - Morley didn't identify them - and has reached out to all of its customers to ensure them they are no longer vulnerable to malware associated with the affected certificate.

Insider Incident Leads to Class Action

In a class action lawsuit filed in New York, 12 plaintiffs who were treated at North Shore University Hospital claim the hospital was negligent, breached fiduciary duty and violated several laws, including HIPAA, when a former hospital worker stole patient record face sheets - the top sheets on patients' paper files - and subsequently used personal information to allegedly open fake credit card and cell phone accounts. The incidents occurred in 2010.

The plaintiffs are suing for $50 million in punitive damages and an unspecified amount for actual damages, according to news reports.

North Shore-LIJ Health System, which owns North Shore University Hospital, says more than 100 patients were affected by the 2010 ID theft incident.

The health system sent letters to about 200 patients in late 2011 and early 2012 notifying them that their personal information may have been compromised and offering free credit monitoring for a year, says Terrance Lynam, a spokesman for North Shore-LIJ. So far, about half of those patients have reported fraudulent credit card activity, he adds.

Follow Jeffrey Roman on Twitter: @ISMG_News

  • spacer spacer
  • spacer
  • spacer spacer spacer
spacer
ARTICLE How the Dots Connect Hacks to Chinese

A strategic security analyst from Mandiant, the company that's examining recent hacks from the...

Latest Tweets and Mentions

ARTICLE How the Dots Connect Hacks to Chinese

A strategic security analyst from Mandiant, the company that's examining recent hacks from the...

The ISMG Network

  • spacer
    Article

    IRS Agents Sued in Health Records Case

    Suit Alleges 10 Million Patients' Info Improperly Seized

  • spacer
    Article

    HIPAA Omnibus: Business Associate Impact

    OCR's Susan McAndrew Offers In-Depth Analysis

  • spacer
    Article

    Targeted Attacks: The Best Defense

    Kevin Epstein of Proofpoint on New Strategies, Solutions

  • spacer
    Interview

    How Phishing Attacks Are Evolving

    Poor Internet Hygiene Enables Criminal Activity

  • spacer
    Whitepaper

    The Insider Threat

  • spacer
    Whitepaper

    It's a Legal Matter

  • spacer
    Whitepaper

    Over, Under or Accurate Notification?

  • spacer
    Article

    HHS Collaborates on Cybersecurity

    Effort to Carry Out President's Executive Order

  • spacer
    Interview

    Defending Against Targeted Attacks

    Kevin Epstein of Proofpoint on New Strategies, Solutions

  • spacer
    Article

    Analyzing Health Data Breach Trends

    Fewer Individuals Affected in 2012; What's Ahead for 2013?

prev next