There was a follow-up last week to a case DataBreaches.net has reported on several times, beginning in December, 2020 when Demetrius Cervantes, 46, of McKinney, and Amanda Lowry, 40, of Sherman, Texas pleaded guilty to conspiracy to obtain protected health information from a protected computer. A third conspirator, Lydia Henslee, faced additional charges and subsequently also pleaded guilty.
Cervantes was sentenced earlier this month to 48 months in prison. On July 22, Lowry was sentenced to 30 months in prison.
According to information presented in court, Lowry, Cervantes, and Henslee were named in a federal indictment on Sept. 11, 2019 charging them with conspiracy to obtain information from a protected computer and conspiracy to unlawfully possess and use a means of identification. They are alleged to have breached a health care provider’s electronic health record (EHR) system in order to steal protected health information and personally identifiable information belonging to patients. This stolen information was then “repackaged” in the form of false and fraudulent physician orders and subsequently sold to durable medical equipment (DME) providers and contractors. The defendants obtained more than $1.4 million in proceeds from the sale of the stolen information. The defendants then used those proceeds to purchase items such as sport utility vehicles, off-road vehicles, and jet skis.
Henslee has not yet been sentenced.