Nearly 15,000 Shands patients could be identity theft targets
Published: Wednesday, April 3, 2013 at 9:59 a.m.
Last Modified: Wednesday, April 3, 2013 at 9:59 a.m.
The University of Florida sent letters Tuesday to 14,339 patients of the UF&Shands Family Medicine at Main practice telling them they might be the victims of identity theft.
Two people have been arrested, including an employee at that medical clinic, for potentially compromising patient personal information as part of an identity theft ring, said Jackelyn Barnard, a spokeswoman for the Florida State Attorney's Office.
Arthur Thomas, 25, of Gainesville, was arrested Tuesday by the State Attorney's Office in Jacksonville following an investigation that began in October.
Daremia Crews, 24, of Jacksonville, was arrested in January, also by the State Attorney's Office, for her alleged involvement in the identity theft ring. Crews had been an intern at the Brentwood Primary Center, which is affiliated with Shands Hospital at Jacksonville.
According to a Jacksonville Sheriff's Office report, investigators learned that Thomas was in their area and selling identities of the Shands patients.
An officer stopped a vehicle driven by Thomas for a speeding violation, and a search uncovered a duffel bag with about 1,600 personal identities on a computer-generated appointment information sheet. They also found several debit cards with names other than Thomas'.
The state attorney, Internal Revenue Service and the U.S. Secret Service offices allege Thomas acquired patient insurance information, including names, addresses, dates of birth and Social Security numbers, and potentially shared that information with a third party, according to a UF media release Wednesday.
Any patient at Shands Main practice between March 2009 and October 2012 might have been a victim of identity theft. UF has been unable to locate the current addresses for 450 patients.
"We don't know how many patients' information was sold," said Susan Blair, the chief privacy officer for UF, adding, "The phone's been ringing off the hook" from patients Wednesday.
UF would not disclose what position Thomas held at the Main clinic.
Blair said that after being alerted in October to the investigation, "We did our own investigation and found that he was looking at things he should not have been. It was largely demographic information. ... those things that would have value in the marketplace. He did not mess with the medical part of the records."
According to a Jacksonville Sheriff's Office report, Crews worked at the Brentwood Primary Center, where she allegedly took pictures on her phone of computer screens containing patient information, including names, dates of birth and Social Security numbers.
The report stated that Crews sent 261 identities through this method to her source in the ring.
Blair said this is the first time UF has been implicated in identity theft, although it has been a victim of hacking.
"It's very disappointing," she said. "Right now we have not specifically identified theft associated with the data breach, and I hope it stays that way.
"We see these individuals who are bent on criminal activity getting hired into the organization ... and go for the express purpose of getting access," Blair continued.
She added that although Shands does background checks on all employees, people who haven't been caught might slip through the cracks.
"There's a huge concern up and down the state about identity theft," she said.
UF is offering fraud resolution services to patients who suspect or confirm identity theft associated with the incident. For more information, contact 877-552-1299, or http://privacy.ufl.edu.
Contact Kristine Crane at 338-3119 or firstname.lastname@example.org.