Theft was discovered by police, not hospital IT staff
A hospital admissions worker was arrested this weekend for allegedly stealing the personal information of some 50,000 patients out of a database and selling some of it to an identity theft ring.
Dwight McPherson, 38, a former worker at New York-Presbyterian Hospital/Weill Cornell Medical Center, was arrested Friday night, shortly after the hospital announced the security breach, according to the Associated Press.
Interestingly, the breach had not been discovered by the hospital. McPherson was exposed when police and postal inspectors in Atlanta raided a suspected identity theft ring. Among the papers they found were 221 documents from the hospital, which allegedly were sent to the ring by McPherson.
Only after the documents were found did the hospital check its computer records, discovering that McPherson's computer ID had been used to access some 49,841 records. All of the individuals were males born between 1950 and 1970. The hospital says the records included addresses and Social Security numbers, but no medical information.
McPherson had sold information on about 2,000 patients for a total of $1,350, according to federal court documents cited in news reports. In a confession, McPherson reportedly told police that he was approached in 2006 by an individual who offered to pay for the data.
At his arraignment on Saturday, McPherson was released on $500,000 bail. His lawyer told reporters that his client is "a hardworking, honest citizen. He is presumed innocent."
— Tim Wilson, Site Editor, Dark Reading
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024