Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


04:16 PM
Connect Directly

Massive Healthcare Fraud Ring Stole Physician, Patient Identities

Seventy-three people charged in healthcare fraud crimes in five states, including part of Armenian-American organized crime organization

The threat of medical identity theft came to light yesterday with the FBI's announcement it had busted an organized crime gang that stole the identities of doctors and thousands of Medicare patients in order to operate phony clinics that bilked Medicare and insurance companies of more than $165 million in fraudulent billing.

Authorities have charged 73 people, including members of an alleged Armenian-American organized crime organization, with multiple healthcare fraud crimes. The FBI has arrested 52 of these suspects for executing what it says is the largest Medicare fraud case the DOJ has prosecuted to date. The defendants operated close to 120 fake clinics in 25 states and were indicted by authorities in California, Georgia, New Mexico, New York, and Ohio. "The emergence of international organized crime in domestic health care fraud schemes signals a dangerous expansion that poses a serious threat to consumers as these syndicates are willing to exploit almost any program, business or individual to earn an illegal profit," said Acting Deputy Attorney General Gary G. Grinder, in a statement. "The Department of Justice is confronting this evolving threat here and abroad through a number of initiatives including a strengthened Attorney General's Organized Crime Council and the creation of the International Organized Crime Intelligence and Operations Center (IOC-2) to ensure that we are focused and coordinated in our efforts to combat international organized crime."

Healthcare identity theft has become a major worry, especially with the movement toward electronic medical records. Some 1.5 million Americans have been victims of medical identity theft, according to data from the Ponemon Institute.

Former employees at Johns Hopkins Hospital were indicted earlier this month for an ID theft scam that used patient records to get $600,000 worth of credit. And meanwhile, recent Theft Resource Center data shows that healthcare organizations have disclosed 119 breaches so far this year -- more than three times the 39 breaches suffered by the financial services industry.

The investigation in New York began after Social Security numbers and birth dates of 2,900 Medicare patients in upstate New York were reported stolen, according to an Associated Press report.

U.S. Attorney Preet Bharara said at a news conference yesterday that the crime ring's operation "puts the traditional Mafia to shame," the AP reported. "They ran a veritable fraud franchise."

Armen Kazarian, 46, who is in custody in California, was the alleged crime boss of the operation. His alleged main conspirators, Davit Mirzoyan, 34, and Robert Terdjanian, 35, both in New York, were named in an indictment that charges them with ID theft, money laundering, and other criminal acts, including stolen credit cards and phony Viagra.

"The international organized crime enterprise known as the Mirzoyan-Terdjanian, fleeced the health care system through a wide-range of money making criminal fraud schemes. The members and associates located throughout the United States and in Armenia, perpetrated a large-scale, nationwide Medicare scam that fraudulently billed Medicare for more than $100 million of unnecessary medical treatments using a series of phantom clinics," said Kevin Perkins, assistant director of the FBI's Criminal Investigative Division, in a statement.

If found guilty of the racketeering charges, the suspects could face life imprisonment and a $250,000 fine, while healthcare fraud and conspiracy charges could send them to prison for 10 years, with a $250,000 fine. ID theft charges carry a maximum of 10 years in prison plus the same fine; aggravated ID theft, a two-year prison sentence added to any other sentence given; and conspiracy to commit credit card fraud, 10 years in prison and $250,000.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Can Your Patching Strategy Keep Up with the Demands of Open Source?
Tim Mackey, Principal Security Strategist, CyRC, at Synopsys,  6/18/2019
Florida Town Pays $600K to Ransomware Operators
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/20/2019
Register for Dark Reading Newsletters
White Papers
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-06-24
In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post.
PUBLISHED: 2019-06-24
The MakerBot Replicator 5G printer runs an Apache HTTP Server with directory indexing enabled. Apache logs, system logs, design files (i.e., a history of print files), and more are exposed to unauthenticated attackers through this HTTP server.
PUBLISHED: 2019-06-24
The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. This overflow is handled, but terminates the process. An authenticated attacker can send a FTP command string of 472 bytes or more to overflow a buffer, causing an exception that termi...
PUBLISHED: 2019-06-24
The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation.
PUBLISHED: 2019-06-24
An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the profiles and cover pictures of privileged users. ...