According to a 39-count indictment, while employed by Johns Hopkins Hospital from August 2007 to March 2009, Jasmine Smith is alleged to have improperly accessed the records of the hospital's patients to obtain the personal identity information of patients and the parents and guardians of minor patients, including names, Social Security numbers, dates of birth, and addresses.
Smith allegedly provided the stolen identity information to two of the other defendants. From May 2008 to June 2009, the fourth and fifth defendants allegedly used the stolen information to apply for instant credit at stores located in Maryland and make purchases on "instant credit" before the fraudulently obtained credit cards were received by the victims.
The indictment alleges that during the course of the scheme, the defendants fraudulently obtained more than $600,000 in credit from more than 50 institutional and individual victims.
The defendants face a maximum sentence of 30 years in prison for conspiracy to commit bank fraud and two years in prison consecutive to any other sentence for aggravated identity theft.
According the privacy site Office of Inadequate Security, the timing of the alleged crimes is consistent with a breach reportthat Johns Hopkins filed with the state of Maryland last year.
In that report, the hospital stated that more than 10,000 patient records had been accessed by an employee who might have been associated with an alleged identity fraud. The hospital speculated that most of the records were probably accessed for legitimate business reasons.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.