Follow-up: Woman Who Stole and Sold Protected Health Information Sentenced to 2 ½ Years in Prison
There was a follow-up last week to a case DataBreaches.net has reported on several times, beginning in December, 2020 when Demetrius Cervantes, 46, of McKinney, and Amanda Lowry, 40, of Sherman, Texas pleaded guilty to conspiracy to obtain protected health information from a protected computer. A third conspirator, Lydia Henslee, faced additional charges and subsequently also pleaded guilty.
According to information presented in court, Lowry, Cervantes, and Henslee were named in a federal indictment on Sept. 11, 2019 charging them with conspiracy to obtain information from a protected computer and conspiracy to unlawfully possess and use a means of identification. They are alleged to have breached a health care provider’s electronic health record (EHR) system in order to steal protected health information and personally identifiable information belonging to patients. This stolen information was then “repackaged” in the form of false and fraudulent physician orders and subsequently sold to durable medical equipment (DME) providers and contractors. The defendants obtained more than $1.4 million in proceeds from the sale of the stolen information. The defendants then used those proceeds to purchase items such as sport utility vehicles, off-road vehicles, and jet skis.
Henslee has not yet been sentenced.