Eight Indicted for Using Stolen Patient Info to Make Purchases.

Eight alleged members of an identity theft ring, including a former assistant clerk at Montefiore Medical Center in New York, have been indicted on a variety of charges stemming from using stolen information on nearly 13,000 patients to make purchases at retailers.

Ann Patterson, senior vice president and program director of the Medical Identity Fraud Alliance, says that the incident points to the need for ongoing vigilance by healthcare organizations to prevent and detect ID theft and other related crimes.

In a statement, Montefiore says that following the alleged crimes that were discovered in May, the hospital has expanded both its technology monitoring capabilities and employee training on safeguarding and accessing patient records to further bolster its privacy safeguards.

The hospital also says it performs criminal background checks on all employees and “has comprehensive policies and procedures, as well as a code of conduct, which prohibits employees from looking at patient records when there is not a work-related reason to do so.”

Dan Berger, CEO of security consulting firm RedSpin, says it’s not surprising the breach went undetected for so long because insider attacks are difficult to uncover. It’s unclear if the Montefiore hospital clerk had “good reason to access so many records” as part of her job, he notes.

Patterson of the Medical Identity Fraud Alliance notes: “In addition to proper vetting of employees, the continued evaluation of employee education and awareness training programs and of your internal fraud detection programs is necessary. It’s not something you do once and are done. Employees who are properly vetted upon initial hire may have changing circumstances that change their work integrity later on in their employ.”

Additionally, security measures often need tweaking as circumstances within an organization change, she says.

Click here to read the full article.

June 22, 2015 by Marianne Kolbasuk McGee, HealthcareInfoSecurity

post