In case you were looking for yet another reminder of the insider threat in the healthcare sector, here’s a report from WBNS in Ohio:
Authorities in Hilliard are investigating a widespread fraud and identity theft case involving a former employee of a local addiction treatment center who allegedly sold patients’ private data on the dark web.
Police have identified 240 victims across the country so far, many of them from central Ohio, and believe there may be more.
The man was an employee at Evoke Wellness, an addiction treatment center in Hilliard, from November 2021 to July 2024.
While working at the center, he is accused of using the facility’s internal databases to steal sensitive patient information, including their names, addresses, dates of birth and social security numbers.
The information was then sold on the dark web to individuals who reportedly used the stolen identities to buy vehicles, rack up credit card charges at hotels and restaurants and buy cryptocurrency.
Read more at WBNS.
DataBreaches could not find any notice on Evoke Wellness’s website about the incident, and submitted a contact form inquiry to them requesting a copy of their media notice or notification. This post will be updated if a reply is received.