Dive Brief:
- An employee at Montefiore Medical Center and seven additional people have been indicted on charges of stealing the personal information of 12,000 patients to purchase luxury items.
- The stolen information included names, birthdates and social security numbers, which was sold to the co-defendants over a year period (2012 to 2013)—for as low as $3 a piece.
- The hospital has identified all patients with compromised personal information and will be informing them about the breach via mail, as well as providing each patient a year of credit monitoring, a $1 million insurance policy and identity recovery services.
Dive Insight:
Montefiore senior vice-president Susan Green-Lorenzen said the hospital was cooperating with law enforcement and that "the employee who was arrested in connection to this violation egregiously and criminally chose to violate established hospital policies, the trust of our patients and the law."
According to a BloombergBusiness article, medical identity theft increased 22% last year, and is expected to continue to increase this year as more health data becomes electronic, according to a report by the Ponemon Institute. The largest HIPAA settlement to date, $4.8 million, occurred last year when HHS's office for Civil Rights performed an investigation of NY and Presbyterian Hospital and Columbia University after the institutes submitted a breach report of 6,800 individuals' electronic protected health information.