Data stolen at New York-Presbyterian with intent to sell

Hospital employee accesses patient records. Source: Advanced Productivity Computing  

A former employee of New York-Presbyterian Hospital/Weill Cornell Medical Center has been charged by the U.S. Attorney for the Southern District of New York with accessing approximately 50,000 patient records for the purpose of selling personal information. The hospital does not believe any health-related information was included.

Dwight McPherson, a former patient admissions representative, was arrested as part of an investigation involving the U.S. Postal Inspector, Secret Service and Federal Bureau of Investigation.

According to the U.S. Attorney’s office, in early 2006, McPherson agreed to provide the personal identification information New York-Presbyterian patients to at least two co-conspirators, who were not identified, in return for money.

McPherson accessed 49,841 patient records during a two-year period of time. In December 2007 and early 2008, McPherson sold more than 2,000 patient identification records to his co-conspirators in New York. In February, approximately 221 of these records were seized by federal agents in Atlanta.

McPherson sold 1,000 records for $750 and another batch of unspecified size for $600 a short time later, according to the Associated Press. On April 12, he was arraigned in federal court in Manhattan.

According to the hospital’s website, all affected patients are being contacted by mail and will be directed to a special hotline for further information and the hospital said it will pay for one year of credit-monitoring services for patients. An internal task force has been contracted to build upon the hospital’s existing systems and to develop a comprehensive program to prevent potential data theft in the future.