Man admits to paying hospital employees to steal patient data

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.orlandosentinel.com/news/local/breakingnews/os-florida-hospital-stolen-patient-information-20130107,0,3868320.story

A Central Florida man associated with medical centers and an injury
hotline admitted in federal court Monday that he paid Florida Hospital
employees to steal patient information.

Federal authorities say Sergei Kusyakov, who was involved with Metro
Chiropractic and Wellness Center and City Lights Medical Center,
illegally obtained private information about patients through Dale
Munroe II and his wife, Katrina Munroe, who worked at Florida
Hospital's Celebration campus.

Authorities said Dale Munroe accessed more than 763,000 records for
patients treated at various Florida Hospital locations. He focused on
patients who were in automobile accidents, and inappropriately
reviewed in detail more than 12,000 patient records.

Prosecutors said that from 2009 until July 2011, Munroe accessed
patient data while working as a registration representative in the
emergency department.

Kusyakov paid Munroe for the patient information, and then Kusyakov
and other conspirators used the information to solicit patients for
lawyers and chiropractors.


Some patients received a phone call within days after their visit to a
Florida Hospital campus, prosecutors said. The caller knew specifics
about the vehicle accident and the patients' treatment at the
hospital.

If the patient asked the caller how they received their personal
information, the solicitor either hung up, or tried to give an excuse
that the information was public record.

Prosecutors said one of the phone numbers used by one of the
solicitors was linked to Kusyakov. Investigators found Kusyakov paid
Munroe and his wife more than $10,000 for their work.

Dale Munroe was fired in July 2011 after officials learned he accessed
the medical records of a Florida Hospital doctor who was fatally shot
in a hospital parking garage.

At that point, prosecutors said, Katrina Munroe, who worked at the
hospital as an insurance representative, began stealing patient
information.

The scheme was detected in August 2011, when they took information
about a patient whose mother worked at the hospital.

When the patient's mother received a call offering the services of an
attorney, she knew the caller should not have her daughter's
information and confronted the solicitor. The caller hung up, and the
hospital employee reported the incident to Florida Hospital.

Dale and Katrina Munroe each pleaded guilty to federal charges and are
awaiting sentencing.

On Monday, Kusyakov pleaded guilty to one count of conspiracy to
defraud the United States, and four counts of making a payment to a
non-licensed physician. He faces up to 15 years in prison and will be
sentenced March 25.

Authorities also said Kusyakov employed "runners" to gather people to
participate in staged car accidents, so those people could seek
treatment at Kusyakov's clinics and bill the insurance companies for
treatment.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.