Breached: Health Data Security has Sprung an Expensive Leak

South Florida’s identity theft and tax fraud epidemic is often tied to leaky security at medical providers that fail to safeguard patient records.

Fraudulent tax filings cost the federal government $5 billion last year, and South Florida is epicenter for this scam, said Wifredo A. Ferrer, U.S. attorney for the Southern District of Florida. Criminals could not file fraudulent returns without easy access to victims’ personal information.

The identity thieves, often former street criminals, are willing to pay hundreds of dollars for each Social Security number, he said. The masterminds have “filing parties” where they teach others to do fraudulent returns in exchange for a cut, Ferrer said. “Hundreds of thousands of people go to hospitals and, if you have someone inside willing to sell your information for a couple hundred dollars, that will happen.”

In the past few years, employees of Jackson Healthcare System, Memorial Healthcare System, Mount Sinai Medical Center, Boca Raton Regional Hospital and the Palm Beach County Health Department have been charged with stealing patient data to aid fraud schemes. Many other defendants worked for smaller local medical offices.


Cont’d – This health data security article continues in South Florida Business Journal.

HIPAA expands beyond health providers

A new rule expanded HIPAA compliance for patient record security to companies that provide services to the industry.

Jorge Rey, associate principal and director of information security and compliance at accounting firm Kaufman Rossin, said this includes consultants, medical records storage companies, law firms, collection agencies. If there is a data breach or lax security, they could face monetary penalties, he added.

Brill added: “You’re not a security company, yet you have the responsibility for doing the right thing.”


Jorge Rey, CISA, CISM, is a Cybersecurity & Compliance Principal at Kaufman Rossin, one of the Top 100 CPA and advisory firms in the U.S.