Hospital employee fired and facing criminal charges for accessing data

Share this article:

An employee of Florida-based Holy Cross Hospital has been fired and faces criminal charges after accessing personal information on thousands of patients with intent to file fraudulent tax returns.

How many victims? 9,900 patients.

What type of personal information? Names, addresses, dates of birth and Social Security numbers were among the information.

What happened? A hospital employee was discovered to be inappropriately accessing patient records. 

What was the response? The hospital opened an investigation. The employee was fired and the hospital is pressing criminal charges. Letters have been sent to all patients whose files may have been accessed by the employee. Affected patients are being offered one free year of credit monitoring services.

Details: The former employee had been accessing the information, appropriately and inappropriately, from November 2011 to August 2013. An investigation opened by the hospital revealed that the employee may have wanted to use the information to file fraudulent tax returns.

Quote: “The employee was terminated, and efforts are underway to prosecute this individual to the fullest extent possible,” a hospital spokesperson said. “Holy Cross Hospital takes this issue very seriously. Although evidence does not indicate that the patient information was used for other forms of identity theft and fraud, all patients affected by this incident have been notified by mail and are being offered free credit monitoring services.”

Source:, NBC 6 South Florida, “Holy Cross Hospital Warns Patients of Data Breach,” Sept. 25, 2013.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Next Article in The Data Breach Blog

Sign up to our newsletters



More in The Data Breach Blog

About 60K transactions possibly affected in Cape May-Lewes Ferry breach

The security of card processing systems relating to food, beverage and retail sales at the Cape May-Lewes Ferry was compromised and payment card data may be at risk.

Arkansas State University-Beebe is investigating a potential breach

Arkansas State University-Beebe is notifying students and employees of a service running on one of its servers that could pose a potential breach to the system.

Unencrypted discs missing, Arizona State Retirement System notifies 44,000

Arizona State Retirement System notifies nearly 44,000 individuals enrolled in dental plans that two unencrypted discs containing their personal information are missing.