DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Palm Beach County Health Department employee arrested for stealing 2,800 patients' information for tax refund fraud

Posted on February 12, 2013 by Dissent

The Sun-Sentinel reports:

A senior clerk at the Palm Beach Health Department was arrested Tuesday and charged with using her job to steal identity information from more than 2,800 patients.

Salita St. Simon, 30, of Belle Glade, was charged with identity theft, said Wifredo A. Ferrer, United States Attorney for the Southern District of Florida, and Michael B. Steinbach, the FBI Special Agent in Charge in the Miami Field Office, according to the complaint.

Read more on The Sun-Sentinel and The Palm Beach Post.

25WPBF also reports the story, and has an interesting comment from the health department spokesperson:

Tim O’Connor urged any patients with a birth date between 1991 and 1996 to check their credit history.

“Let us know if there’s something funny about it,” he said.

Yeah, OK, Tim. Sure, buddy.

If the department sounds a bit blasé about this, perhaps it’s because they’ve had so many breaches before. As compiled by DataLossDB.org:

  • In 2005, 6,500 HIV positive patients had their names on a confidential list that was accidentally sent in an email to 800 people;
  • In 2005, 15 pages from a confidential list of HIV-positive people was lost or stolen from an analyst’s desk. This incident appeared to be independent of the breach reported two months previously;
  • In 2007, confidential test results of patients who tested positive for various communicable diseases were found in file cabinet being sold at surplus auction;
  • In 2012, a system upgrade left names, Social Security numbers, dates of birth, and other information exposed on the Internet for two months;
  • In 2012, they learned – from others – that hundreds of clients’ names, dates of birth and Social Security numbers had been stolen by a senior clerk in the medical records department; 111 became victims of tax refund fraud; and
  • Now another senior clerk has been arrested for allegedly stealing information for tax refund fraud, and again they neither prevented the breach nor discovered it through their own internal means.

The Palm Beach County Health Department issued the following notice on their web site:

The Palm Beach County Health Department is issuing a public notice that some patients may have had confidential information contained in their records disclosed to an unauthorized source. The breach occurred when an employee took client lists containing names, dates of birth, and social security numbers. It appears that patients born in the years 1991 through 1996 were targeted. Medical information, bank accounts, credit card or other information was not included.

“We are taking every precaution possible and cooperating with law enforcement to assure all records are maintained with the utmost of security,” said Health Department Director Alina Alonso, M.D. Dr. Alonso added that persons who have been a patient of the Palm Beach County Health Department and identified on the lists have been notified by mail.

However, the Health Department has not been able to contact all identified from lists and is issuing this public notice. Persons who have been a patient of the Health Department should review their credit history for any fraudulent or suspicious activities they have not authorized. A free report can be obtained at www.annualcreditreport.com. If you have had fraudulent activity, contact the Palm Beach County Sheriff’s Office at (561) 688-3771. The health department can answer general questions at 561-671-4014.

The employee was removed from access to any and all health department information.

The security of patient information is of critical importance to the department. The State of Florida, the Florida Department of Health, and Palm Beach County Health Department is fully committed to safeguarding all confidential information.

You’ll understand if I don’t believe their assurances that security of patient information is of critical importance to them.  After learning of a similar breach last year, what did they do in August and since then to prevent what happened again?  If security is of “critical importance,” what access controls or audits did they implement beginning in August 2012 after they learned of the first insider data theft?

I’ll want to see the results of HHS’s investigation of this breach. In the past, HHS informed me that when they investigate an incident, they do not have knowledge of previous breaches the entity may have experienced. It would be helpful if they did look at a fuller history in evaluating whether an entity has really implemented necessary and appropriate security controls.

Related: Press Release from U.S. Attorney’s Office, Southern District of Florida

Related posts:

  • FL: Palm Beach County Health Department employee pilfered patient information
Category: Health Data

Post navigation

← Saskatchewan Information and Privacy Commissioner Slams Regina Qu'appelle Health Region After Three Privacy Breaches
Hudson County, N.J., Pediatrician Charged With Fraudulently Billing Medicaid For Nearly $1 Million →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.
Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report