WSFA reports:
The Alabama Department of Public Health says it is in the process of notifying individuals whose personal information may have been stolen and advising possible victims of alleged fraud to report incidences of identity theft.
ADPH released a statement saying it was informed on June 5, 2014 that the U.S. Attorney’s Office for the Middle District of Alabama and the U.S. Department of Justice’s Tax Division that they were prosecuting a case of theft involving personal information. The info was apparently stolen for use in the filing of fraudulent 2011 and 2012 tax returns.
Read more on WAFF.
Previous coverage on PHIprivacy.net can be found here and here.
What’s not clear to me is why if Mitchell was indicted back in February for her role in stealing patient info at Fort Benning hospital, ADPH is first notifying people now. I’ve sent an inquiry to ADPH and will update this post if I get a response.
ADPH’s press release on the incident is available on their site (pdf). Additional information for victims or those who think they may be victims of the scheme can be found in this statement on ADPH’s website. (pdf)
I find it interesting that the vast majority of records stolen from their archived files were for kids who were under 10 when those files were created. A very tough age group to proactively protect. The targeting was deliberate it would appear.
ADPH told me this am that their archives did not include addresses and that contributed to the delay. WHY that data was deleted but not SSNs is a very good question.
Jeanne
Thanks, Jeanne. On Twitter, we had a brief puzzlement as to why ADPH was even notifying anyone as the state has no breach notification law, and it would appear that the theft of data was from Fort Benning hospital, which puts it under the VA. There must be more to this than I know.
ADPH confirmed for me that their old archives (10+ years old) were accessed and an employee of theirs made more than 500 different copies. They’re still tallying and investigating.
It is now my understanding that the ID theft ring stole files from Ft. Benning, ADPH and also the Alabama Department of Corrections. I recall that the original indictment referenced Benning but the superseding one unsealed May 1 added Corrections ‘and other agencies’ but I may be a bit vague in that recall. It was the reference to Benning and AL Corrections that first caught my eye as I’ve researched Tracy MItchell’s case in the past.
Thanks, Jeanne. Previous coverage included Fort Benning hospital and the DOC, yes, but I don’t remember ever seeing ADPH specifically mentioned. So that explains why they’re notifying. I’ll need to go back and check – or maybe you will – as to whether DOC is notifying, as without a state breach notification law, they may not have to.