DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

More details on the Florida Hospital breach

Posted on August 18, 2012 by Dissent

As I was looking for more media coverage on the Florida Hospital breach discussed earlier today, I was surprised to come across a news report from October 2011 that I had missed. I wasn’t surprised that I had missed the news story,  but I was surprised by what it claimed. WFTV, which has been all over this breach since the beginning, had reported:

An agent confirmed on Wednesday night that the FBI is investigating the patient records breach at Florida Hospital. Osceola County released new documents Wednesday that show the hospital suspected three employees were selling patient information at least six weeks ago.

The suspects are identified as husband and wife, 35-year-old Dale Munroe and 31-year-old Katrina Munroe, along with 30-year-old April Baker.

Osceola County said it was not able to make arrests because the hospital did not cooperate with the investigation, citing federal HPPA [sic] laws. That means the FBI will have to look further into the matter to see if federal charges will be filed against the three.

The hospital couldn’t cooperate in an investigation involving theft of patient data because of HIPAA? I’d like to see/understand their explanation of this. I have sent an email inquiry to the hospital about certain points raised in WFTV’s coverage.

Read more of this earlier article on WFTV.

I’ve uploaded the  complaint in U.S.A. v. Munroe.  According to the docket, Munroe was arrested on August 14. The supporting affidavit details how Munroe used his computer access at the Celebration location to quickly scroll through emergency room patients’ records to identify those who had been involved in automobile accidents. The hospital’s network, however, also enabled him to conveniently access the same type of records for emergency room patients at all other Florida Hospital locations. From late 2009 through mid- 2011, Munroe  reportedly viewed 763,000 patients’ emergency room records on a summary screen that displayed 10 patients’ records per screen. Of those 763,000 patients, over 12,000 patients’ records were viewed for longer than one second, involved a motor vehicle accident, and/or resulted in the access of additional files. These were the patients that Florida Hospital notified last year.  Many patients reported that within days after being seen in the emergency room, they received solicitation calls asking if they needed a referral to a lawyer or chiropractor.

According to the complaint, Munroe provided information to “S.K.,” who allegedly paid him and his wife approximately $10,000 for the information provided. S.K. allegedly then conveyed that information to other(s) who solicited patients for lawyers and chiropractors. The complaint notes that S.K. may be part of an insurance fraud ring involving staged accidents.

Ironically, perhaps, Munroe was not fired for this illegal activity. He was fired in July 2011 after the hospital discovered he improperly accessed the file of a physician who had been killed. After his termination, his wife and a co-worker continued accessing patient records, presumably to provide to S.K. Their role was discovered in August 2011 after an employee received a solicitation call and contacted the hospital to report the leak. The hospital audited access to the relevant records, fired Munroe’s wife and co-worker, and began a more extensive audit of access to ER patient data. It was only then that they uncovered Dale Munroe’s activities.

Munroe has been charged with violation of 42 U.S.C. 1320.  So far, no one else has been charged in the case, which is United States of America v. Munroe,  6:12-mj-01378-KRS. Munroe is due back in court on September 14.

One of the things I’d really like to know – and it may take a mainstream journo to follow up on this – if the employee is arrested for selling protected patient info, will the chiropractors and attorneys be charged with receiving stolen info?

Category: Health Data

Post navigation

← Georgia Tax Return Preparer Pleads Guilty to Stolen Identity Refund Fraud Crimes
UK: Children’s private and sensitive records leaked on internet from Independent Schools Guide site →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.