DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

FL: Miami-Dade County Resident Sentenced In Identity Theft Scheme Involving Over 8,600 Patients’ Identities

Posted on January 28, 2015 by Dissent

A Miami-Dade County resident has been sentenced to 61 months in prison, followed by two years of supervised release.

Noel Barrientos previously pled guilty to one count of possessing fifteen or more access devices (social security numbers of other people) and one count of aggravated identity theft.

According to court documents, law enforcement executed a search warrant at Barrientos’ residence based on suspected narcotics activity. During the search warrant, officers observed and recovered a total of 15 credit/debit cards that were located throughout the premises all in different names including names of men and women not associated with Barrientos or his residence. Three of the cards were located in Barrientos’ wallet.

Court documents also state that during the search warrant, law enforcement found a computer that contained a file with the names, dates of birth, and social security numbers of 8,678 unique patients. Agents determined that the list came from a doctor’s office located on Sunset Drive in South Miami. A former doctor’s office employee, Gillian Armstrong [1:14-cr-20339], had access to the patient list and sold it to Barrientos. Barrientos sold the names to other individuals who used the fraudulently obtained names to file fraudulent income tax returns. Law enforcement officers also tracked fraudulent income tax return filings to Barrientos’ residence.

In September, 2014, Armstrong was sentenced to 36 months in prison, followed by three years of supervised release for her role in the scheme.

SOURCE: U.S. Attorney’s Office, Southern District of Florida

Not surprisingly, the doctor’s office was not named in either the release or the public court filings, and inspection of HHS’s public breach tool does not reveal any breached entity with the exact number mentioned in the press release. Inspection of the proffer in Armstrong’s case, however, does provide some interesting details about the method and means of the breach:

ARMSTRONG acted as a “thief” in this case, stealing PII for Barrientos who then sold it to third parties. ARMSTRONG became involved in late 2010, early 2011, when she was desperate for money. At the time, ARMSTRONG was a single mother with a debilitating crack cocaine addiction. ARMSTRONG was working for a doctor’s office in South Miami at the time of the theft while she was living out of her car.

During that time-period, ARMSTRONG agreed to sell Barrientos PII stolen from the doctor’s office in exchange for money. At first, ARMSTRONG copied a few names down by hand while at work and sold them to Barrientos. ARMSTRONG was able to access the PII from the doctor’s office through an off-site database company (“the database”). At the time, a1l patient information was accessible by logging onto the database website with a user name and password. Each employee has a unique username and password.

Eventually ARMSTRONG gave Barrientos the username and password to the database account. Barrientos downloaded information in batches and sold it to others. ln turn, Barrientos paid ARMSTRONG. On or about November 18, 2011, ARMSTRONG was fired from the doctor’s office. ARMSTRONG stated that when she told Barrientos that she was fired, he told her that he downloaded whatever number of names he could fit on a USB drive andtold her, “don’t worry.”

Even with that added detail, however, there is nothing in HHS’s breach tool that seems to really match up. By all accounts, the massive/major download occurred in November, 2011.  If anyone can figure out which incident this might be, let me know. I suppose it’s possible that the breach was either reported with a different date or different number of affected, or that it was reported but hasn’t yet been added to the breach tool.  Comparing a list of doctor’s offices on Sunset Drive in South Miami to entities on the breach tool does not reveal any matches that I can see.

The proffer in Barrientos’s case adds one more detail of note: when law enforcement officers examined the “Bread” file on Barrientos’s computer, the list of over 8,000 patients included the patients’ names, social security numbers, dates of birth, chart numbers, and insurance information. The patients, then, were also at risk of medical identity theft, although there’s nothing in the court records that indicated any reports of that.

 

Category: Uncategorized

Post navigation

← 13 Bay area defendants charged in 4 separate tax fraud schemes
MI: Police investigating possible point of sale breaches →

2 thoughts on “FL: Miami-Dade County Resident Sentenced In Identity Theft Scheme Involving Over 8,600 Patients’ Identities”

  1. Anonymous says:
    February 3, 2015 at 11:38 pm

    why don’t you just write ARMSTRONG a letter and ask her where she worked? I am sure she will tell you. Not joking. Look her up on the BOP website and send her a note. She will discuss it.

    I have a question: What do you mean about reporting this to the HHS breach tool. WHo is required to do that? Does HHS require the doctor to do it? What about the US Attorney’s Office or the IRS.? Do they need to report it to HHS?

    Thank you.

  2. Anonymous says:
    February 4, 2015 at 2:57 pm

    If you know her well enough to assure me she would answer, why don’t you just tell us?

    A HIPAA-covered entity whose patient data has been stolen or breached (as defined by HIPAA) is required to report the breach to HHS. Neither the USAO or IRS have any obligation to do so.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Western intelligence agencies unite to expose Russian hacking campaign against logistics and tech firms
  • Disrupting Lumma Stealer: Microsoft leads global action against favored cybercrime tool
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • Privilege Under Fire: Protecting Forensic Reports in the Wake of a Data Breach
  • Hacker who breached communications app used by Trump aide stole data from across US government
  • Massachusetts hacker to plead guilty to PowerSchool data breach (1)
  • Cyberattack brings down Kettering Health phone lines, MyChart patient portal access (1)
  • Gujarat ATS arrests 18-year-old for cyberattacks during Operation Sindoor
  • Hackers Nab 15 Years of UK Legal Aid Applicant Data
  • Supplier to major UK supermarkets Aldi, Tesco & Sainsbury’s hit by cyber attack with ransom demand

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras
  • Cocospy stalkerware apps go offline after data breach
  • Drugmaker Regeneron to acquire 23andMe out of bankruptcy
  • Massachusetts Senate Committee Approves Robust Comprehensive Privacy Law

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.