Healthcare News & Insights

The janitor did it! Unsecured patient files are gold mine for fraud ring

A Chicago hospital is learning the hard way that files can’t be considered “secure” just because they’re stored in a private office.

According to prosecutors, a  fraud ring took advantage of lax procedures at Northwestern Memorial Hospital. So far, seven women have been charged, and three more have been issued warrants.

These are the allegations: One of the women who worked for a company that provided janitorial services accessed patient records that were kept in an unlocked filing cabinet. She wrote down patient names, credit card numbers and other details needed to make purchases.

Then she and the other women would take the card numbers to local stores, including Lowes, Jared the Galleria of Jewelry and Victoria’s Secret. Using only the account numbers, the crooks were able to buy a truck’s worth of drywall, jewelry and other goodies. Some of the items were resold. Others were featured prominently in photos on the scammers’ Facebook pages.

More than 250 patient accounts were compromised. Many of the fraudulent charges went unnoticed by the victims.

Northwestern said it was taking the breach “seriously” and is working to identify those whose information may have been stolen.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.