Hospital Insider Faces ID Theft ChargesAllegedly Used Patient Information to File False Tax Returns
A former employee of two Detroit-area hospitals faces ID theft charges after allegedly using stolen patient information to file false federal income tax returns and reap nearly $500,000 in refunds.
See Also: How to Defend Your Attack Surface
Such insider cases point to the need for the use of behavioral analytics to combat fraud, one security expert says.
The U.S. Attorney's Office for the Eastern District of Michigan announced the indictment of Markitta Washington on six counts of identity theft-related crimes. Also indicted as an alleged accomplice is Martez Lear.
Washington had worked for Henry Ford West Bloomfield Hospital and DMC Harper University Hospital, authorities say. During her time at the two hospitals, she allegedly stole information from patient records and used it to file false tax returns, according to the indictment.
During the execution of a search warrant at a home in Farmington Hills, Mich., where Washington and Lear lived, authorities found bank account information, credit cards, stacks of hospital patient records and notebooks that contained handwritten notes of individuals' names, dates of birth and Social Security numbers. Personal information belonging to approximately 1,400 people was recovered, the indictment notes.
Authorities allege that the pair filed 305 false tax returns in 2011 and 2012, resulting in $489,000 in fraudulent refunds. Most of the refunds were issued using prepaid debit cards, some of which were recovered from Washington and Lear's home, prosecutors say.
"Criminals should know that while technology has made it easier than ever for them to commit identity fraud, technology is also making it easier for law enforcement to catch them," says U.S. Attorney Barbara McQuade. "We are making enforcement of identity theft a high priority because this crime has become so pervasive and can be so damaging to victims."
To fight insider threats, healthcare organizations need to apply behavioral analytics, says Mac McMillan, CEO of the security consulting firm CynergisTek. "Standard rule-based audits are not likely to identify this type of activity, but behavioral and pattern analysis will," he says. "We need to understand what normal behavior is and monitor for variances. That is where you catch the person who is looking at records [inappropriately] and writing information down."