Healthcare Information Security

Patient Privacy News

Healthcare Data Breach Leads to Identity Theft Guilty Plea

An Oklahoma man recently pled guilty, following allegations that he played a role in a 2017 healthcare data breach involving stolen patient records.

healthcare data breach medical identity theft

Source: Thinkstock

By Elizabeth Snell

- Robert Ashley Bond of Thackerville, Oklahoma recently pled guilty to charges over his alleged involvement in a 2017 healthcare data breach. 

The United States Attorney’s Office for the Eastern District of Oklahoma announced that Bond pled guilty to Conspiracy To Commit Wire Fraud and pled guilty to Aggravated Identity Theft.

“The Indictment alleged that from in or about April 2017 and continuing until on or about June 23, 2017, the Defendant, and others, knowingly conspired, agreed and confederated to execute and attempt to execute a scheme and artifice to defraud M.A., L.L., O.L., C.M., J.P., K.P., S.D., K.M., and others known and unknown to the Grand Jury, to obtain money and property by means of materially false and fraudulent pretenses, representations and promises which the Defendant transmitted or caused to be transmitted by means of wire communications in interstate commerce,” the Eastern District of Oklahoma Attorney’s Office stated.

Bond and Lane Edward Miller were both accused of felony charges stemming from a reported Mercy Health Love County Hospital and Clinic data breach. Miller previously worked at Mercy Love, and allegedly stole patient medical records.

Mercy Health explained in an earlier statement that the information gathered included patient names and Social Security numbers and was used to fraudulently obtain credit cards.

“We are very upset that this occurred, as we take the privacy and security of our patient information very seriously,” Mercy Health Love County Hospital and Clinic Administrator Richard Barker stated. “We are taking steps to secure all patient information to prevent anything similar from happening again, and we will do all we can to see that the criminals are held accountable.”

KXII Fox News 12 reported on the initial breach in 2017, saying that medical records were taken from a storage building.

Barker told the news source that the hospital and the community were violated in the incident.

"These buildings are secured in various ways, with three digit security combinations, and these combinations are changed periodically," Barker said. "They weren't changed soon enough to prevent this theft, and I take responsibility for that."

He added that Mercy Health’s security measures “changed dramatically” after the incident to ensure that it does not happen again.  

The hospital indicated that 10 patients were impacted by the data breach. A breach report submitted to OCR on September 20, 2017 though said a theft of “paper/films” affected 13,004 individuals.

A similar case was brought to a District of Puerto Rico Federal Grand Jury in February 2017, when the owner of a durable medical equipment company and three physicians were charged with multiple counts of conspiracy to commit healthcare fraud, healthcare fraud and aggravated identity theft. 

In that case, the defendants allegedly worked to defraud Medicare from on or about February 20, 2007 through on or about July 18, 2013. Specifically, the charges reportedly led to fraudulent invoices in excess of approximately $1.2 million to Medicare.

“The federal charges stem from an alleged scheme whereby Javier Efraín Siverio-Echevarría, as owner of Equipomed Care Corp., a durable medical equipment company with offices in Hatillo, Puerto Rico, would use the personal identifying information of Medicare beneficiaries, to invoice Medicare for durable medical equipment that these beneficiaries did not need or to whom the equipment would not be delivered,” the US Department of Justice stated.  

The Medicare system puts trust in physicians to ensure that patients receive necessary care and with the proper equipment, US Attorney Rosa E. Rodriguez-Velez said in a statement.

“The charges unsealed today allege that three physicians violated their responsibility to their patients and instead facilitated the means for an equipment company to bill over a million dollars to Medicare for equipment not delivered or not medically necessary,” she explained. “These charges are yet another example of the Department of Justice’s determination to hold those who choose to steal from Medicare for personal gain accountable for the harm they inflict on groups of the most vulnerable individuals in our society: the sick, the elderly and the disabled.”

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks