DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Florida Department of Health of Orange County discloses insider breach for tax refund fraud affecting 2,300 patients

Posted on October 30, 2013 by Dissent

Why report just one insider breach/tax refund fraud scheme for the day when you can report two?  Here’s a statement the Florida Department of Health in Orange County posted today on their site:

The Florida Department of Health in Orange County (DOH-Orange) is issuing a security breach notice to certain patients of its health centers located in Orange County. Federal investigators revealed today the breach occurred when two former employees created lists containing names, birthdates, and social security numbers obtained from patient records. The employees have been permanently removed from access to any and all Department of Health information. Medical information, bank account, credit card or other personal information were not part of the breach.

“We are taking every precaution possible and cooperating with law enforcement to assure all records are maintained with the greatest level of security possible,” said Department of Health in Orange County Director Dr. Kevin Sherin. Attempts are underway to notify all affected patients either in person or by mail.

Health department patients should review their credit history for any fraudulent or suspicious activities they have not authorized. A free report can be obtained at www.annualcreditreport.com. If you have had fraudulent activity contact the Orange County Sheriff”s Office at 407-253-7000. The Department of Health can answer general questions at 407-858-1490.

The security of patient information is of critical importance to the Department. The Department is committed to safeguarding confidential patient information and has implemented additional security measures to restrict and control the availability of patient social security numbers included in electronic medical records.

The Sun Sentinel has more details on the case, including the names of the former employees: Shanterica Smith and Gerald Williams. Williams’ brother, Delray Duncan, was also arrested. The paper also reports:

Federal court records show the investigation into the tax scheme began in November 2011, when the Orange County Sheriff’s Office found a handwritten list of about 150 names, Social Security numbers and birth dates.

A woman linked to that list, Tanya Fox, told detectives she was supposed to hand the list off to another person, who would use the private information to commit tax fraud.

An IRS agent discovered that more than 3,500 tax returns were filed between January 2011 and December 2012 using addresses associated with Fox.

Agents determined that the sources of the information were Smith and Williams, court records said.

Of the roughly 3,000 identity theft victims whose tax returns listed addresses associated with Fox, about 2,300 were included in the health department’s record management system.

Note that none of the entities involved in the breaches reported today (one assisted living facility, one hospital, and one state agency) had detected the insider breaches and only learned of them from law enforcement.

Category: Health Data

Post navigation

← Security concerns – or politics, depending on your view – prompt subpoena for Healthcare.gov data
Children's Healthcare says resigning exec stole PHI on her way out the door →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.