ID Theft Incident Leads Breach Roundup

Employee Stole Information on 2,800 Patients
ID Theft Incident Leads Breach Roundup

In this week's breach roundup, a former employee at the Palm Beach County Health Department in Florida has been charged with identity theft. Also, security vendor Bit9 reports a breach that caused the issuance of digital certificates that were illegitimately used.

See Also: OnDemand Webinar | Utilizing SIEM and MDR for Maximum Protection

Arrest in Florida ID Theft Case

A former employee at the Palm Beach County Health Department in Florida has been arrested and charged with identity theft.

Salita St. Simon, formerly a senior clerk at the health department, allegedly obtained patient identification information, including names and Social Security numbers, from the health department's computer system and then provided it to others who used it to file fraudulent tax returns, according to the U.S. Attorney's Office for the Southern District of Florida.

St. Simon allegedly stole information on more than 2,800 patients last year, authorities say.

If convicted, St. Simon faces up to five years in prison and three years of supervised release.

Vendor Concedes It Let Its Guard Down

Bit9 says its failure to install its own information security products to detect intrusions on its network has resulted in a breach, causing the issuance of digital certificates that were used illegitimately to sign malware affecting three customers.

President and Chief Executive Patrick Morley, in a Bit9 blog post, characterizes the failure as an "operational oversight," adding that its products were not compromised. "We simply did not follow the best practices we recommend to our customers by making certain our product was on all physical and virtual machines within Bit9," he says.

Bit9 says it had notified affected customers - Morley didn't identify them - and has reached out to all of its customers to ensure them they are no longer vulnerable to malware associated with the affected certificate.

Insider Incident Leads to Class Action

In a class action lawsuit filed in New York, 12 plaintiffs who were treated at North Shore University Hospital claim the hospital was negligent, breached fiduciary duty and violated several laws, including HIPAA, when a former hospital worker stole patient record face sheets - the top sheets on patients' paper files - and subsequently used personal information to allegedly open fake credit card and cell phone accounts. The incidents occurred in 2010.

The plaintiffs are suing for $50 million in punitive damages and an unspecified amount for actual damages, according to news reports.

North Shore-LIJ Health System, which owns North Shore University Hospital, says more than 100 patients were affected by the 2010 ID theft incident.

The health system sent letters to about 200 patients in late 2011 and early 2012 notifying them that their personal information may have been compromised and offering free credit monitoring for a year, says Terrance Lynam, a spokesman for North Shore-LIJ. So far, about half of those patients have reported fraudulent credit card activity, he adds.

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.