Eric McNeal of Atlanta, Georgia, was sentenced on January 10th, 2012, by US District Judge Willis B Hunt, Jr. for accessing a protected computer of a rival medical practice without prior authorization. This information was then used to send out marketing material for his employer.
United States Attorney Sally Quillian Yates stated that those who give their
details to the health industry expect that information to be kept secure. With the high costs of medical care, patients should not be expected to pay a heavier price through data leaks and cybercrime. She added that electronic information such as this can be easily bought, sold or stolen by those who know the system.
As a result of his actions, McNeal has been sentenced to 1 year, 1 month in prison followed by 3 years of supervised release. He has also been ordered to perform 120 hours of community service. McNeal pleaded guilty to the charge on September 28 last year.
According to information and charges presented in court, McNeal was employed as an IT Specialist for A.P.A., a perinatel medical practice located in Atlanta. In November 2009, McNeal left A.P.A. and was given a job at a competing practice situated in the same building. In April 2012,
McNeal hacked into A.P.A.’s patient database. He then downloaded the personal details of A.P.A.’s patients, erasing them from the organization’s computers. Using this information, McNeal commenced a direct-mail marketing campaign in order to promote his new employer.
While all evidence points to McNeal solely downloading personal information rather than specific medical-related details this is irrelevant in the face of such a severe data breach.
The case was investigated by the FBI and prosecuted by Assistant United States Attorney Steven D. Grimberg.
Further information can be gained from the U.S. Attorney’s Office for the Northern District of Georgia.
More HIPAA HITECH Resources:
The complete HIPAA Privacy, Security and Breach regulations are here.
Latest posts by Bob Chaput (see all)
- HIPAA Risk Analysis Tip – Part 5 – Questions & Answers from May 3rd Conversation with Former OCR Director Leon Rodriguez - June 5, 2017
- HIPAA Risk Analysis Tip – Part 4 – Questions & Answers from May 3rd Conversation with Former OCR Director Leon Rodriguez - May 29, 2017
- HIPAA Risk Analysis Tip – Part 3 – Questions & Answers from May 3rd Conversation with Former OCR Director Leon Rodriguez - May 21, 2017