Healthcare News & Insights

Former hospital employee stole and sold protected health information

In addition to outside hackers who attempt to break into healthcare organizations’ systems to steal protected health information, providers must also worry about their own staff members stealing and selling sensitive data. 

In one recent incident, it’s a former employee who has been blamed for a major security breach at a Florida hospital.

After a 10-month investigation following the discovery of the breach, the FBI arrested Dale Munroe, a former employee of Florida Hospital Celebration Health, reports. According to investigators, while Munroe worked in the hospital’s emergency room from 2009 to 2011, he unlawfully accessed the records of 760,000 patients.

As part of his job of registering patients who came to the emergency room, Munroe had access to patient’s protected health information that was required by the law to remain private. However, he made copies of car accident victims’ records and sold them to chiropractors and attorneys who used them to call the patients and try to drum up business.

The hospital learned of the breach when a patient called after receiving a phone call that referenced the stolen information.

Insider threats are a critical IT security issue for all organizations, and that’s especially the case in health care where there’s a lot of sensitive information that can be accessed and misused. To lower the risk, experts recommend providers:

  • Conduct thorough background checks for any new hire that has access to protected health information. That includes IT employees who will be able to access tech systems holding sensitive data.
  • Give employees the least amount of access to data that they need to do their jobs. Also, regularly audit who has access to what data to make sure no one keeps unnecessary access rights after their duties change.
  • Have a process for quickly communicating personnel changes. It’s important to remove access rights as soon as employees leave the organization. If that isn’t done, former staff members can be a bigger security threat than current employees.



Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.