Johns Hopkins tells patients: Employee stole data for fraud
IDG News Service - Baltimore's Johns Hopkins Hospital is warning more than 10,000 patients about a data theft after linking a woman working in the hospital's patient registration area to fraud.
"Beginning around January 20, 2009, Johns Hopkins received reports, some from individuals themselves, and some through various local law enforcement agencies, that some individuals had determined that they were victims of identity theft and that the theft activities focused in the Baltimore area," the hospital said in an April 3, 2009, letter sent to patients whose data was accessed. The letter was published Monday on the Maryland attorney general's Web site.
After the U.S. Secret Service and U.S. Postal Service got involved, investigators began suspecting that the Johns Hopkins employee was linked to a fraud that involved fake Virginia drivers' licenses, although officials declined to provide more information regarding that alleged scheme.
Law enforcement has identified 46 victims of the scam, 31 of whom were linked to Johns Hopkins. The hospital is offering them credit protection services, and it is also offering similar services to another 526 Virginia patients who may have been targeted by the fraud.
However, most of the 10,200 patients and former patients being notified are thought to be at "extremely low risk" of fraud, according to hospital spokesman Gary Stephenson. "We just contacted them to do due diligence," he said.
The employee had access to the Social Security numbers, names, addresses, dates of birth, telephone numbers, parents' names and medical insurance information of current and former patients. She was not able to learn about the patients' medical conditions, however.
News of the incident was first reported Monday on Databreaches.net, which noted that former Johns Hopkins employee Michelle Johnson had been indicted in January on fraud charges for allegedly using patient data to open fraudulent credit card accounts.
Stephenson said that the Johnson case was separate from this latest incident, but he declined to comment further on the matter, citing an ongoing investigation.
In its notification letter, Johns Hopkins said it has fired the employee it suspects of this latest fraud and expects that she will be indicted. However, the letter warns, "There is no absolute certainty, at this time, that she was the source of the information."
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts