Another update to a breach, previously covered on this blog, that involved information on patients of Apex Laboratory in Florida:
Michael Ali Bryant, Sr., 41, and his wife, Latina Rashawn Bryant, 43, both of Lauderdale Lakes, were sentenced for their participation in a stolen identity tax refund scheme. Michael Bryant was sentenced to 144 months in prison, to be followed by three years of supervised release. Latina Bryant was sentenced to 48 months in prison, to be followed by three years of supervised release.
Both defendants previously pled guilty to one count of aggravated identity theft, in violation of Title 18, United States Code, Section 1028A. Michael Bryant also previously pled guilty to one count of possession of fifteen or more unauthorized access devices, in violation of Title 18, United States Code, Section 1029(a)(3); and Latina Bryant previously pled guilty to one count of using an unauthorized access device, in violation of Title 18, United States Code, Section 1029(a)(2).
Co-defendant Marquis Onigirin Moye, 24, of Pompano Beach, was sentenced on March 28, 2014 to 54 months in prison, to be followed by three years of supervised release. Moye previously pled guilty to one count of possession of fifteen or more unauthorized access devices, in violation of Title 18, United States Code, Section 1029(a)(3), and one count of aggravated identity theft, in violation of Title 18, United States Code, Section 1028A.
Co-defendants Tiffany Shenae Cooper, 33, of Deerfield Beach, and Angela Dione Rosier, 41, of Coral Springs, were sentenced on February 28, 2014. Cooper was sentenced to 57 months in prison, to be followed by three years of supervised release. Rosier was sentenced to 49 months in prison, to be followed by three years of supervised release. The court also ordered both defendants to pay $129,390.06 in restitution to the IRS and the medical services provider whose database had been breached. Cooper previously pled guilty to one count of possession of fifteen or more unauthorized access devices, in violation of Title 18, United States Code, Section 1029(a)(3), and one count of aggravated identity theft, in violation of Title 18, United States Code, Section 1028A. Rosier previously pled guilty to one count of conspiracy to commit access device fraud, in violation of Title 18, United States Code, Section 1029(b)(2).
According to court documents, a confidential source (CS) initially approached Michael Bryant and inquired about purchasing narcotics. Bryant told the CS that he did not have any narcotics but that he did have personal identity information (PII) that he was willing to sell to the CS. The CS made a controlled purchase of ten pages (each page containing approximately 20 to 25 names) of PII. Bryant instructed the CS on how to commit tax fraud using the PII, and provided the CS with specific instructions on what information to enter into the web pages of the internet-based tax services to obtain a tax refund. An examination of the PII revealed that it was from a medical services provider.
Rosier was an employee of the medical services provider. Cooper spoke to Rosier to obtain user names and passwords for current employees of the medical services provider. Cooper admitted to illegally logging on to the medical services provider’s computer network and downloading PII for the purpose of committing various types of fraud. She was assisted in her activities by Rosier and co-defendant Moye.
SOURCE: U.S. Attorney’s Office, Southern District of Florida
Note that the USAO says this affected “thousands of patients” in their headline. It is not clear to me whether they were all patients of Apex Laboratory or whether another facility was also involved. The Apex Laboratory breach is still not showing up on HHS’s breach tool, and it’s not clear whether they ever reported this breach or not (they hadn’t reported it by January 28, 2014, more than one a half years after they learned of it.