Hospital group employee steals personal data. Is your identity safe?

February 14, 2008

By Daniel Brownstein

A former employee of a locally connected national hospital chain who was convicted of identity theft had access to the personal information of about 37,000 patients, according to a company spokesman.

Tenet Healthcare Corp. owns 54 hospitals in a dozen states, including Hilton Head Regional Medical Center and Coastal Carolina Medical Center. The company mailed letters last week announcing the security breach to anyone who could have been affected, said spokesman Steven Campanini.

Ashley Latzer of Hilton Head Island was one of those who received a notification letter. She had been a patient at Hilton Head Regional more than a year ago.

There is no evidence her information was used, but she immediately placed fraud alerts on her credit reports, and also filed a sheriff's report to document the incident.

"I'm more concerned with what could happen than what has happened," she said.

Tenet informed victims of how to set up the free fraud alerts at the nation's three major credit bureaus.

"There's an annoyance factor and we apologize for that," Campanini said. "We recognize consumer privacy is very important and take it very seriously."

The ex-employee worked at a Frisco, Texas, billing center for less than two years, and is confirmed to have stolen the names, Social Security numbers and other personal information of about 90 patients, Campanini said. The company has paid to monitor the credit reports of those victims.

Terrence Brooks, 30, had access to 37,000 other accounts, less than 1 percent of the 4 million handled at the billing center, the company said.

Brooks was arrested Nov. 25 at a Costco in south Arlington, Texas, where he was trying to obtain a credit card using information he stole at his job, authorities said. A "savvy" employee called police, and Brooks was arrested on the spot on misdemeanor traffic warrants, according to a police spokesman and Tenet.

He pleaded guilty last month to five counts of fraudulent use and possession of identification information and was sentenced to nine months in prison.

He had passed a background check to get the Tenet job and had undergone training on the company's security policy, which includes a prohibition on taking personal information from the building, said Campanini. Brooks was immediately fired when the company learned of his arrest.

"What's challenging in this situation is there was an employee intent on committing fraud," Campanini said. "No company can prevent that, but we can have practices in place to immediately address it when it does occur, and that's what we did."

main page ATTRITION feedback