Fraud , ID Theft

Nine Plead Guilty in $20 Million Fraud Scheme

Defendants Include Former Military Hospital Worker
Nine Plead Guilty in $20 Million Fraud Scheme

Nine individuals have pleaded guilty to charges stemming from their involvement in a $20 million identity fraud scheme. Among the defendants is a former military hospital worker who stole soldiers' personal information to file false federal tax returns, prosecutors say.

See Also: IoT is Happening Now: Are You Prepared?

In an April 1 statement, the U.S. Department of Justice says the nine Alabama and Georgia residents recently pleaded guilty in the U.S. District Court for the Middle District of Alabama for their roles in the fraud conspiracy.

The stolen information, including names, Social Security numbers and dates of birth, was used to file more than 7,000 false tax returns for refunds in excess of $20 million, federal prosecutors say. The personal information was stolen from a U.S. Army hospital at Fort Benning, Ga., an unidentified Georgia call center, and various Alabama state agencies, including its public health, corrections and human resources departments.

The nine defendants who pleaded guilty include Tracy Mitchell, a former employee of the hospital at Fort Benning. Prosecutors say that as a hospital employee, Mitchell had access to the identification data of military personnel, including soldiers who were deployed to Afghanistan, which she stole and used to file false tax returns. The court papers do not indicate the type of job Mitchell held at the hospital or how many military personnel were impacted by the ID theft. She worked at the hospital from 2011 to 2013.

Mitchell on March 30 pleaded guilty to one count of conspiracy to file false tax claims, one count of wire fraud and one count of aggravated identity theft. Mitchell's sentencing is set for June 30.

The defendants each face a maximum sentence of 10 years in prison for each count of conspiracy to file false claims, a maximum of 20 years in prison for each wire fraud count, and mandatory minimum sentence of two years in prison for each aggravated identity theft count.

"Stealing a person's identity is a horrendous crime," said U.S. Attorney George Beck in the DOJ statement. "It can take months or years for a victim of identity theft to correct the damage that these criminals reaped upon him or her. But these defendants stole identities from military men and women who have volunteered to protect our country. That is inexcusable and will not be tolerated."

Public Health Breach

In addition to the nine individuals who recently pleaded guilty in the ID scheme, federal prosecutors allege that two other defendants are also part of the crime ring. One of those co-conspirators, Mequetta Snell-Quick, is scheduled to appear in federal court on April 6. And in a case related to the Mitchell scheme, prosecutors say on Oct. 2, 2014, Tamika Floyd pleaded guilty to one count of conspiracy to file false tax claims and one count of aggravated identity theft. She is scheduled to be sentenced on May 19.

A plea agreement document indicates that Floyd worked at the Alabama Department of Public Health from 2006 to May 2013, and then at the Alabama Department of Human Resources from May 2013 to July 2014. While working in her state jobs, Floyd had access to databases that contained identification information of individuals, which she stole and provided to co-conspirators for the filing of false tax returns, the document says. The papers do not indicate the jobs or roles that Floyd had during her employment at the state agencies.

Last July, Alabama public health officials contacted about 1,200 individuals whose data was believed to have been compromised by the ID fraud scheme. That breach was posted on June 26, 2014, on the U.S. Department of Health and Human Services' "wall of shame" of major HIPAA breaches as theft involving electronic health records and affecting 1,200 individuals (see Data Breach Linked To Tax Fraud Ring).

Other Fraud

In another recent, unrelated Alabama fraud case, a former lab technician at 235-bed Flowers Hospital in Dothan, Ala., was sentenced in December to a two-year prison term and ordered to pay $19,000 in restitution after pleading guilty in July 2014 to one count of aggravated identity theft (see Prison Term For ID Theft at Hospital).

A class action lawsuit filed against Flowers Hospital in May 2014 alleges that the breach affected "thousands" of plaintiffs. That breach was posted on the HHS website in April 2014 as a theft of paper/films affecting 629 individuals.

Privacy and security experts say that healthcare entities need to take key measures to prevent ID theft involving workers.

"Some good ways to reduce the risk include thorough background checks of employees, reducing the use of Social Security numbers and other risky information within the organization where possible, minimizing the types of employees who have access to such information, reviewing system activity to identify patterns that may demonstrate abuse of access, and considering technologies such as data loss prevention to reduce the risk of information leaving the network," advises privacy attorney Adam Greene of the law firm Davis Wright Tremaine.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity

Marianne Kolbasuk McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site, and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network