Patient Data Theft Sends IT Specialist To Jail

Atlanta man gets 13 months for hacking into former employers computer database and stealing patient data for a competing medical practice.

9 Mobile Health Apps Worth A Closer Look (click image for larger view and for slideshow)
Eric McNeal, a 38-year-old information technology specialist from Atlanta, Ga., has been sentenced for hacking into the patient database of a former employer, stealing patient information, and then deleting the information from the system.
For his crime, McNeal was sentenced on Jan. 10 to serve 13 months in prison with three years of supervision after his release. McNeal also was ordered to perform 120 hours of community service.
The circumstances of this case and resulting
patient data breach
is very common, and can happen in any size of practice, Rick Kam, president and co-founder of ID Experts told
InformationWeek Healthcare.
According to court documents, McNeal, who pleaded guilty to the charge on Sept. 28, worked as an information technology specialist for APA, a perinatal medical practice in Atlanta. He left APA in November 2009, and subsequently joined a competing perinatal medical practice, which was located in the same building as APA.
[ Explore docs fascination with iPads. See
Apple Capitalizes On Doctors iPad Romance.
]
In April 2010, McNeal used his home computer to
hack
into APAs patient database; download the names, telephone numbers, and addresses of APAs patients; and then delete all the patient information from APAs system. McNeal used the patient names and contact information he stole to launch a direct-mail marketing campaign for his new employer. There is no evidence that McNeal downloaded or misused specific patient medical information.
Christine Marciano, president of Cyber Data Risk Managers, said medical facilities looking at this case should ask themselves how they can realistically protect against similar hacking attempts. Having an exit strategy in place when an employee leaves or is terminated should be strictly enforced, Marciano told
InformationWeek Healthcare.
The exit strategy needs to include cutting off the employees access to all of the facilitys databases in order to prevent unauthorized access.
Richard Santalesa, senior counsel at
InfoLawGroup
, said because McNeal pleaded guilty his sentence was reduced, and noted that McNeal could have received a five-year federal prison sentence for his crimes.
Anyone who gives their personal information to a doctor or medical facility does not expect that their information will be hacked and used to make money, U.S. Attorney Sally Quillian Yates, said in a statement. The cost of medical care is already high enough without patients having to pay a heavier cost with the loss of their privacy.
When are emerging technologies ready for clinical use? In the new issue of InformationWeek Healthcare, find out how three promising innovations--personalized medicine, clinical analytics, and natural language processing--show the trade-offs.
Download the issue now
. (Free registration required.)

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Patient Data Theft Sends IT Specialist To Jail