Florida Department of Health of Orange County discloses insider breach for tax refund fraud affecting 2,300 patients
Why report just one insider breach/tax refund fraud scheme for the day when you can report two? Here’s a statement the Florida Department of Health in Orange County posted today on their site:
The Florida Department of Health in Orange County (DOH-Orange) is issuing a security breach notice to certain patients of its health centers located in Orange County. Federal investigators revealed today the breach occurred when two former employees created lists containing names, birthdates, and social security numbers obtained from patient records. The employees have been permanently removed from access to any and all Department of Health information. Medical information, bank account, credit card or other personal information were not part of the breach.
“We are taking every precaution possible and cooperating with law enforcement to assure all records are maintained with the greatest level of security possible,” said Department of Health in Orange County Director Dr. Kevin Sherin. Attempts are underway to notify all affected patients either in person or by mail.
Health department patients should review their credit history for any fraudulent or suspicious activities they have not authorized. A free report can be obtained at www.annualcreditreport.com. If you have had fraudulent activity contact the Orange County Sheriff”s Office at 407-253-7000. The Department of Health can answer general questions at 407-858-1490.
The security of patient information is of critical importance to the Department. The Department is committed to safeguarding confidential patient information and has implemented additional security measures to restrict and control the availability of patient social security numbers included in electronic medical records.
The Sun Sentinel has more details on the case, including the names of the former employees: Shanterica Smith and Gerald Williams. Williams’ brother, Delray Duncan, was also arrested. The paper also reports:
Federal court records show the investigation into the tax scheme began in November 2011, when the Orange County Sheriff’s Office found a handwritten list of about 150 names, Social Security numbers and birth dates.
A woman linked to that list, Tanya Fox, told detectives she was supposed to hand the list off to another person, who would use the private information to commit tax fraud.
An IRS agent discovered that more than 3,500 tax returns were filed between January 2011 and December 2012 using addresses associated with Fox.
Agents determined that the sources of the information were Smith and Williams, court records said.
Of the roughly 3,000 identity theft victims whose tax returns listed addresses associated with Fox, about 2,300 were included in the health department’s record management system.
Note that none of the entities involved in the breaches reported today (one assisted living facility, one hospital, and one state agency) had detected the insider breaches and only learned of them from law enforcement.