Back in October 2010, I noted the case of the Orange Regional Medical Center. They had suffered a data security breach in 2005, but never knew they had been breached until the U.S. Attorney’s Office mentioned their name in the context of a criminal Medicare fraud ring that operated between 2006 and 2010. Many doctors had also had their identity information stolen for use in the fraudulent enterprise.
According to a new press release from the U.S. Attorney’s Office, the leader of the scheme, Davit Mirzoyan, pleaded guilty yesterday.
Orange Region Medical Center was the only source of patient/Medicare info specifically mentioned in the indictment, but I wonder if there were other sources of patient data, too. Otherwise, we’re talking about data on 2,900 patients fueling a $100 million fraud. Could that be right?
I’ll call the U.S. Attorney’s Office next week after the storm clean-up to see if I can get clarification on this.