A hospital admissions worker was arrested this weekend for allegedly stealing the personal information of some 50,000 patients out of a database and selling some of it to an identity theft ring.
Dwight McPherson, 38, a former worker at New York-Presbyterian Hospital/Weill Cornell Medical Center, was arrested Friday night, shortly after the hospital announced the security breach, according to the Associated Press.
Interestingly, the breach had not been discovered by the hospital. McPherson was exposed when police and postal inspectors in Atlanta raided a suspected identity theft ring. Among the papers they found were 221 documents from the hospital, which allegedly were sent to the ring by McPherson.
Only after the documents were found did the hospital check its computer records, discovering that McPherson's computer ID had been used to access some 49,841 records. All of the individuals were males born between 1950 and 1970. The hospital says the records included addresses and Social Security numbers, but no medical information.
McPherson had sold information on about 2,000 patients for a total of $1,350, according to federal court documents cited in news reports. In a confession, McPherson reportedly told police that he was approached in 2006 by an individual who offered to pay for the data.
At his arraignment on Saturday, McPherson was released on $500,000 bail. His lawyer told reporters that his client is "a hardworking, honest citizen. He is presumed innocent."
Tim Wilson, Site Editor, Dark Reading