Eric McNeal of Atlanta, Georgia, was sentenced on January 10th, 2012, by US District Judge Willis B Hunt, Jr. for accessing a protected computer of a rival medical practice without prior authorization. This information was then used to send out marketing material for his employer.
United States Attorney Sally Quillian Yates stated that those who give their
details to the health industry expect that information to be kept secure. With the high costs of medical care, patients should not be expected to pay a heavier price through data leaks and cybercrime. She added that electronic information such as this can be easily bought, sold or stolen by those who know the system.
As a result of his actions, McNeal has been sentenced to 1 year, 1 month in prison followed by 3 years of supervised release. He has also been ordered to perform 120 hours of community service. McNeal pleaded guilty to the charge on September 28 last year.
According to information and charges presented in court, McNeal was employed as an IT Specialist for A.P.A., a perinatel medical practice located in Atlanta. In November 2009, McNeal left A.P.A. and was given a job at a competing practice situated in the same building. In April 2012,
McNeal hacked into A.P.A.’s patient database. He then downloaded the personal details of A.P.A.’s patients, erasing them from the organization’s computers. Using this information, McNeal commenced a direct-mail marketing campaign in order to promote his new employer.
While all evidence points to McNeal solely downloading personal information rather than specific medical-related details this is irrelevant in the face of such a severe data breach.
The case was investigated by the FBI and prosecuted by Assistant United States Attorney Steven D. Grimberg.
Further information can be gained from the U.S. Attorney’s Office for the Northern District of Georgia.
More HIPAA HITECH Resources:
The complete HIPAA Privacy, Security and Breach regulations are here.
Latest posts by Bob Chaput (see all)
- Making the case for comprehensive cyber-risk strategies: 10 startling facts that will spur C-suite action - August 8, 2016
- Building Capability and Capacity to Take on Healthcare’s Evolving Security Threats - August 5, 2016
- HIPAA Risk Analysis Tip – The Biggest Risk Management Surprises in the 2016 OCR Audit Protocol - April 11, 2016