Cybercrime , Fraud Management & Cybercrime , HIPAA/HITECH
Hospital Worker Sentenced for HIPAA Crimes in ID Theft Scam
Former Employee Gets 4.5 Years in Federal Prison and Is Ordered to Repay PatientsA former employee of an Arizona hospital received a 54-month prison sentence and an order to pay restitution after pleading guilty to criminal HIPAA violations committed as part of his participation in an identity theft scam.
See Also: Critical Condition: How Qilin Ransomware Endangers Healthcare
Federal prosecutors charged Rico Prunty of Sierra Vista, Arizona, with accessing the medical forms and participating in a scheme to open credit card and other financial accounts with the personal identifiable information in them.
Prunty must reimburse $133,000 to patients who were victims of the scheme, the U.S. Department of Justice said.
In his plea agreement, Prunty acknowledged stealing data from more than 300 individuals between July 2014 and May 2017. He pleaded guilty to one count of violating HIPAA and one count of aggravated identity theft.
Prunty provided the patient information to three co-conspirators in Indiana. The conspiracy included his brother, Vincent Prunty, and Temika Coleman and Gemico Childress, who have already received prison sentences of between roughly 10 and 13 years.
“This case highlights the need for hospitals to have robust information security protocols in place that include regular monitoring and internal controls to limit employee access to information only necessary for the scope of their job responsibilities," said attorney Jason Johnson, a partner in law firm Moses Singer's healthcare privacy and cybersecurity practice, who was not involved in the Prunty case.