Secret Service probing records theft
Published 6:17 am Thursday, July 7, 2011
U.S. Secret Service agents say the theft of personal information from patient records at Troy Regional Medical Center is connected to an investigation that reaches far beyond Pike County lines.
“Currently our office is investigating a case of identity theft and a part of that investigation involves the compromise of personal identifiers related to the hospital in Troy,” said Clayton Slay, the resident agent in charge of the Montgomery office of the Secret Service.
“We’re working closely with the U.S. Attorney’s Office in Montgomery and we have several suspects identified in the case,” he said. “It’s expected to be presented to a federal grand jury in the near future.”
Troy Regional Medical Center administrators said Tuesday that personal information from 880 of its former patients was illegally accessed and removed from the hospital’s records earlier this year. The information compromised includes names, addresses, birth dates, Social Security numbers and medical record numbers. The theft does not involve medical information and appears to be limited to patients born between 1988 and 1992, administrators said.
“The hospital has been working very diligently with us in this investigation,” Slay said.
The Troy hospital’s records are only a small part of the larger investigation. “It involves other areas besides just Troy and one other medical facility, in DeKalb , Ga.,” Slay said. “But there are other sources (of compromised information), not just the medical institutions.”
Teresa Grimes, CEO and administrator at TRMC, said Tuesday authorities were concerned the information obtained from the records could be used to file fraudulent income tax claims.
“The income tax fraud is one basis of the investigation, but it’s not the entire investigation,” Slay said.
The hospital staff is working this week to notify the patients involved in the incident.
“We greatly regret this incident and we are committed to protecting our patients’ information and to providing assistance to protect the personal information of the patients affected,” Grimes said Tuesday.
“When we learned of the breach, we immediately initiated our own investigation,” Grimes said. “ As part of the investigation, we are reinforcing our security policies and safeguards to protect further unauthorized access and use of patient information and to prevent harm to individuals affected …
“We are developing and implementing a corrective action plan to better protect our patients’ personal information … and we have consulted with an outside expert who has extensive experience investigating these types of issues.”
The hospital also is requiring immediate, mandatory training to all employees regarding the protection of patient information. The hospital employs 276 people and has 41 contracted employees working on its campus, Grimes said.
The hospital also is providing one year of free identity protection resources to the 880 patients affected. “Affected patients have been sent information by U.S. mail with details regarding how to activate their protection, which is being provided by Experian through its ProtectMyID product,” Grimes said.
To determine whether a fraudulent income tax return may have been filed and invoke other protections that may be available from the IRS and other agencies, affected patients may also contact the IRS toll free at (800) 908-4490 or in person at 1285 Carmichael Way, Montgomery, Alabama, 361016, and contact the Federal Trade Commission toll free at (877) 438-4338 or online at www.consumer.gov/idtheft.
Also, anyone who has questions about their data may call the hospital toll free at (800) 457-5173 or via email at email@example.com.