Eric McNeal of Atlanta, Georgia, was sentenced on January 10th, 2012, by US District Judge Willis B Hunt, Jr. for accessing a protected computer of a rival medical practice without prior authorization. This information was then used to send out marketing material for his employer.

United States Attorney Sally Quillian Yates stated that those who give their
details to the health industry expect that information to be kept secure. With the high costs of medical care, patients should not be expected to pay a heavier price through data leaks and cybercrime. She added that electronic information such as this can be easily bought, sold or stolen by those who know the system.

As a result of his actions, McNeal has been sentenced to 1 year, 1 month in prison followed by 3 years of supervised release. He has also been ordered to perform 120 hours of community service. McNeal pleaded guilty to the charge on September 28 last year.

According to information and charges presented in court, McNeal was employed as an IT Specialist for A.P.A., a perinatel medical practice located in Atlanta. In November 2009, McNeal left A.P.A. and was given a job at a competing practice situated in the same building. In April 2012,
McNeal hacked into A.P.A.’s patient database. He then downloaded the personal details of A.P.A.’s patients, erasing them from the organization’s computers. Using this information, McNeal commenced a direct-mail marketing campaign in order to promote his new employer.

While all evidence points to McNeal solely downloading personal information rather than specific medical-related details this is irrelevant in the face of such a severe data breach.

The case was investigated by the FBI and prosecuted by Assistant United States Attorney Steven D. Grimberg.

Further information can be gained from the U.S. Attorney’s Office for the Northern District of Georgia.

Contact us for more information or to learn about a tailored Clearwater HIPAA Audit Prep WorkShop™ or the Clearwater HIPAA Audit Prep BootCamp™ series.

More HIPAA HITECH Resources:

The complete HIPAA Privacy, Security and Breach regulations are here.

Join our AboutHIPAA LinkedIn Group:
Follow us on Twitter
Subscribe to our eNewsletter
Attend a live educational webinar.

Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.