Sarah Wallace reports:
Eyewitness News has learned that patients at North Shore University Hospital have been notified that their private health records, including social security numbers and insurance information, have been stolen.
New York State Police are saying this is an ongoing and widespread probe.
Eyewitness News just learned that there were actually two security breaches at North Shore; one last year where the hospital says 50 patients were notified, and there was another breakdown in the system this year, beginning in January, where patients records were compromised again.
The hospital says that theft involved about a hundred people who’ve also now been warned.[…]
What was included in those records was: date of birth, address, phone number, medical record number, social security number, insurance information, and potentially the medical history.
Wallace reports that someone has already been apprehended:
Eyewitness News has learned that a Brooklyn man, Clincy Robinson, Sr. who lists himself as a health care professional on his my space page, has now been indicted in Nassau County for identity theft, and possessing computer data from North Shore containing information on over 900 people.
He’s a licensed nurse but it’s not clear of his connection to the hospital.
Robinson and an alleged accomplice are also accused of grand larceny connected to purchases at Target and Macy’s.
The criminal complaint says the crimes took place during a three-month span a year ago, but the hospital says corporate security learned of the incident on March 19th of this year.
Read more on ABC.
Someone’s got a lot of explaining to do if over 900 patients’ data were stolen but the hospital didn’t detect it at the time and/or underestimated the scope of the breach. And why is law enforcement saying that the breach (singular?) occurred last year over a 3-month period while the hospital is talking about two breaches?
Very confusing.