Douglas Montero and Kati Cornell of the NY Post give us a more precise number and additional detail on the New York-Presbyterian Hospital breach:
Dwight McPherson, a 38-year-old patient-admissions representative from Brooklyn, admitted he began to access the files and sell information in early 2006 after being approached by a man in New York working for an Atlanta-based identity-theft ring, according to court documents.
He said he had been asked to provide the names, addresses and Social Security numbers of male patients born between 1950 and 1970.
McPherson – who worked the night shift at the hospital – allegedly admitted he had sold the information of approximately 1,000 patients around December 2007 for $750. He then sold the information of another 1,000 patients to a second person for $600 early this year.
[…] McPherson’s alleged scam was uncovered when postal inspectors in Atlanta executing a search warrant on an identity-theft operation there discovered 221 documents that had come from New York-Presbyterian Hospital.
They then contacted hospital officials and began an investigation. After looking through computer logs, they realized McPherson’s user login had been used to improperly access the files of 49,841 patients.
Full story – NY Post