TRENDING:

ID Theft Incident Leads Breach Roundup

Employee Stole Information on 2,800 Patients Jeffrey Roman (gen_sec) • February 13, 2013    
ID Theft Incident Leads Breach Roundup

In this week's breach roundup, a former employee at the Palm Beach County Health Department in Florida has been charged with identity theft. Also, security vendor Bit9 reports a breach that caused the issuance of digital certificates that were illegitimately used.

See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm

Arrest in Florida ID Theft Case

A former employee at the Palm Beach County Health Department in Florida has been arrested and charged with identity theft.

Salita St. Simon, formerly a senior clerk at the health department, allegedly obtained patient identification information, including names and Social Security numbers, from the health department's computer system and then provided it to others who used it to file fraudulent tax returns, according to the U.S. Attorney's Office for the Southern District of Florida.

St. Simon allegedly stole information on more than 2,800 patients last year, authorities say.

If convicted, St. Simon faces up to five years in prison and three years of supervised release.

Vendor Concedes It Let Its Guard Down

Bit9 says its failure to install its own information security products to detect intrusions on its network has resulted in a breach, causing the issuance of digital certificates that were used illegitimately to sign malware affecting three customers.

President and Chief Executive Patrick Morley, in a Bit9 blog post, characterizes the failure as an "operational oversight," adding that its products were not compromised. "We simply did not follow the best practices we recommend to our customers by making certain our product was on all physical and virtual machines within Bit9," he says.

Bit9 says it had notified affected customers - Morley didn't identify them - and has reached out to all of its customers to ensure them they are no longer vulnerable to malware associated with the affected certificate.

Insider Incident Leads to Class Action

In a class action lawsuit filed in New York, 12 plaintiffs who were treated at North Shore University Hospital claim the hospital was negligent, breached fiduciary duty and violated several laws, including HIPAA, when a former hospital worker stole patient record face sheets - the top sheets on patients' paper files - and subsequently used personal information to allegedly open fake credit card and cell phone accounts. The incidents occurred in 2010.

The plaintiffs are suing for $50 million in punitive damages and an unspecified amount for actual damages, according to news reports.

North Shore-LIJ Health System, which owns North Shore University Hospital, says more than 100 patients were affected by the 2010 ID theft incident.

The health system sent letters to about 200 patients in late 2011 and early 2012 notifying them that their personal information may have been compromised and offering free credit monitoring for a year, says Terrance Lynam, a spokesman for North Shore-LIJ. So far, about half of those patients have reported fraudulent credit card activity, he adds.

Previous
HIPAA Omnibus' Trickiest Provision
Next
Finding the Balance in BYOD

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.



Around the Network

Securing OT and IoT Assets in an Interconnected World
Securing OT and IoT Assets in an Interconnected World
What's Inside Washington State's New My Health My Data Act
What's Inside Washington State's New My Health My Data Act
Why Cyber Defenders Need Partnerships, Tools and Education
Why Cyber Defenders Need Partnerships, Tools and Education
Top Privacy Considerations for Website Tracking Tools
Top Privacy Considerations for Website Tracking Tools
How to Simplify Data Protection within your Organization
How to Simplify Data Protection within your Organization
CyberArk CEO Touts New Browser That Secures Privileged Users
CyberArk CEO Touts New Browser That Secures Privileged Users
Are We Facing a Massive Cybersecurity Threat?
Are We Facing a Massive Cybersecurity Threat?
Checking Out Security Before Using AI Tools in Healthcare
Checking Out Security Before Using AI Tools in Healthcare
Integrating Generative AI Into the Threat Detection Process
Integrating Generative AI Into the Threat Detection Process
Closing Privacy 'Loopholes' in Reproductive Healthcare Data
Closing Privacy 'Loopholes' in Reproductive Healthcare Data

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.