[Dataloss] insider theft of information

Henry Brown hbrown at knology.net
Fri Feb 15 15:38:53 UTC 2008 

MAYBE an Expansion of a previously "announced" data breech

http://www.beaufortgazette.com/local/story/190720.html

Identity thief had access to area information

BLUFFTON -- A former employee of a locally connected national hospital 
chain who was convicted of identity theft had access to the personal 
information of about 37,000 patients, according to a company spokesman.

Tenet Healthcare Corp. owns 54 hospitals in a dozen states, including 
Hilton Head Regional Medical Center and Coastal Carolina Medical Center. 
The company mailed letters last week announcing the security breach to 
anyone who could have been affected, said spokesman Steven Campanini. 
Tenet also informed victims how to set up free fraud alerts at the 
nation's three major credit bureaus.

"There's an annoyance factor and we apologize for that," Campanini said. 
"We recognize consumer privacy is very important and take it very 
seriously."

The ex-employee worked at a Frisco, Texas, billing center for less than 
two years, and is confirmed to have stolen the names, Social Security 
numbers and other personal information of about 90 patients, Campanini 
said. The company has paid to monitor the credit reports of those victims.

Terrence Brooks, 30, had access to 37,000 other accounts, less than 1 
percent of the 4 million handled at the billing center, the company said.

Brooks was arrested Nov. 25 in Arlington, Texas, where he was trying to 
obtain a credit card using information he stole at his job, authorities 
said. An employee called police and Brooks was arrested on the spot on 
misdemeanor traffic warrants, according to a police spokesman and Tenet.

He pleaded guilty last month to five counts of fraudulent use and 
possession of identification information and was sentenced to nine 
months in prison.

He had passed a background check to get the Tenet job. Brooks was 
immediately fired when the company learned of his arrest.

"What's challenging in this situation is there was an employee intent on 
committing fraud," Campanini said. "No company can prevent that, but we 
can have practices in place to immediately address it when it does 
occur, and that's what we did."

[...]

More information about the Dataloss mailing list