Palm Beach County Health Department Employee Arrested for Identity Theft: Scott & Scott, LLP Says Incident a Good Reminder for Companies to Implement Security Measures

Texas-based Scott & Scott, LLP says Palm Beach County Health Department’s employee arrest for identity theft is a reminder that data breaches are not confined to outside hackers and highlights the need for organizations to have data security measures in place. According to reports, PBCHD has had prior instances of data privacy and negligence.

  • Share on TwitterShare on FacebookShare on Google+Share on LinkedInEmail a friend

Robert J. Scott, Managing Partner, Scott & Scott, LLP

Every business collecting, using, maintaining, or storing electronic data is at risk for a security incident.

Southlake, Texas (PRWEB) February 20, 2013

The United States Attorney for the Southern District of Florida, announced that a senior clerk at the Palm Beach County Health Department was arrested last week on charges of identity theft. According to the criminal complaint, for approximately the last year, the clerk obtained patient identification information, including more than 2800 patient names, dates of birth, and social security numbers from the department’s computer system and gave that information to her accomplices to file fraudulent tax returns.

“Our firm has been concerned about the growth in data breach incidents and the failure of companies that experienced data breach to implement appropriate measures”, said Robert J. Scott, Managing Partner, Scott & Scott, LLP, an intellectual property and technology law firm, with a practice area focus on security and privacy.

In 2007, Scott & Scott, LLP commissioned the Ponemon Institute, an independent research firm, to study the business impact of data breaches. The report showed

  • 42% missing equipment as the probable cause of a breach
  • 16% attributable to negligence
  • 10% to negligent third parties
  • 7% to IT mishaps
  • 4% to missing backup media.

“Six years after our survey disclosed many companies that experienced a data breach may not be implementing appropriate measures to prevent repeat incidents, I’m surprised to read that Palm Beach County Health Department may have had multiple incidents with alleged repeated negligence”, said Scott.

The February 12th issue of PHIprivacy.net reports the following incidents as compiled by DataLossdb.org:

  • “In 2005, 6,500 HIV positive patients had their names on a confidential list that was accidentally sent in an email to 800 people;
  • In 2005, 15 pages from a confidential list of HIV-positive people was lost or stolen from an analyst’s desk. This incident appeared to be independent of the breach reported two months previously;
  • In 2007, confidential test results of patients who tested positive for various communicable diseases were found in file cabinet being sold at surplus auction;
  • In 2012, a system upgrade left names, Social Security numbers, dates of birth, and other information exposed on the Internet for two months;
  • In 2012, they learned – from others – that hundreds of clients’ names, dates of birth and Social Security numbers had been stolen by a senior clerk in the medical records department; 111 became victims of tax refund fraud; and
  • Now another senior clerk has been arrested for allegedly stealing information for tax refund fraud, and again they neither prevented the breach nor discovered it through their own internal means.”

Every business collecting, using, maintaining, or storing electronic data is at risk for a security incident. Even those companies that have implemented the most advanced security initiatives are not immune from data breaches. That is why Scott & Scott, LLP recommends companies take preventive measures and have an incident response plan in place.

About Scott & Scott, LLP
Scott & Scott is an international law and technology services firm dedicated to helping senior executives assess and reduce the legal, financial, and regulatory risks associated with information technology issues. An innovative approach to legal services, Scott & Scott believes that collaboration between legal and technology professionals is necessary to solve and defend against the complex problems our clients face, including privacy and network security, IT asset management, software license compliance, and IT transactions. Legal and technology professionals work in tandem to provide full-service representation. By combining these resources, Scott & Scott is better able to serve clients' needs than law firms and technology services firms working independently of one another. Visit Scott & Scott online at http://www.scottandscottllp.com.

-30-


Contact