Healthcare News & Insights

Hospital employee sold 40 patients’ protected health information

Health information is valuable for cybercriminals, who can use it to commit identity theft, insurance fraud or other crimes. And often the source for that data is a healthcare provider’s employees. 

Most data breaches are caused by an employee or someone else inside the organization, according to a recent IT security study from research firm Forrester. Most often, insiders cause data breaches by accident — 31% of the breaches studied by Forrester occurred because an employee lost a laptop or other portable device, and 27% were caused accidental misuse of access privileges.

However, many breaches are also caused by employees who intend to steal sensitive data and profit from it, as 12% of the breaches examined by Forrester were blamed on malicious insiders.

One hospital was recently the victim of both kinds of insider attacks.

In March, Howard University Hospital in Washington, DC, sent a statement to 34,000 patients informing them that a laptop containing their medical information had been stolen from a contractor. Information such as Social Security numbers, medical record numbers and diagnosis information was loaded onto the contractor’s personal laptop, in violation of hospital policy.

Six weeks after that, criminal chargers were filed against a former hospital employee who, in an unrelated incident, stole and sold patients’ protected health information.

Laurie Napper, a former technician in the hospital’s surgery department, pled guilty to charges that she sold patients’ names, addresses, dates of birth and Medicare numbers to third parties.

Information on about 40 patients, along with black prescription forms, were sold from August 2010 to December 2011, earning Napper roughly $2,100. The buyers used the information and forms to forge prescriptions for oxycodone.

Napper was convicted on charges of wrongful disclosure of patients’ individually identifiable health information and sentenced to three years of probation, including six months in a halfway house and six months of home confinement, as well as 100 hours of community service and a $2,100 fine.


Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.