There’s a follow-up to a breach noted previously on this blog:
U.S. District Judge Roy B. Dalton, Jr. sentenced Delray Duncan, Gerald Williams, and Shanterica Smith to federal prison yesterday for identity theft. Specifically, the court sentenced Duncan to 42 months in federal prison, Williams to 54 months in federal prison, and Smith to 60 months in federal prison. All three were also ordered to pay restitution in the amount of $1 million. Each previously pleaded guilty for their roles in this case.
According to court documents, the Internal Revenue Service, the Federal Bureau of Investigation, and the United States Postal Inspection Service initiated an investigation after the Orange County Sheriff’s Office executed an unrelated search warrant and discovered a list of names, dates of birth, and Social Security numbers. Further investigation revealed that Williams and Smith worked at the Orange County Health Department (OCHD). Williams and Smith accessed personal identifying information (PII) of OCHD patients and provided that information to a third party who filed fraudulent tax returns in the names of those patients. Williams and Smith did not know each other while working at OCHD but ultimately provided the information to the same person. Williams provided the PII to Duncan who, in turn, provided the PII to others in order to file the fraudulent tax returns. Smith provided the PII directly to those responsible for filing fraudulent tax returns.
In total, Williams and Smith stole the identities of approximately 2,200 patients. Fraudulent tax returns totaling approximately $3.9 million were filed using the stolen PII. The investigation into those responsible for filing the fraudulent tax returns and those who obtained the proceeds from the fraudulently filed returns is ongoing.
This case was investigated by the Internal Revenue Service-Criminal Investigation, the Federal Bureau of Investigation, and the United States Postal Inspection Service. It was prosecuted by Assistant United States Attorney Shawn P. Napier.
SOURCE: U.S. Attorney’s Office, Middle District of Florida
Come to think of it, why haven’t we ever seen this on HHS’s public breach tool? Time to email HHS again, I guess…
Updated March 26: I received a response to my inquiry to HHS, who confirmed that this breach was reported to them in December 2013, and they were working to correct the public breach tool. The Florida Dept. of Health had announced the breach publicly on October 30, right after being informed by law enforcement.
Thank you for sharing.