The FBI has arrested a former branch manager of San Jose Medical Group, who is charged with stealing medical and financial information about 185,000 patients of the group.
Joseph Nathaniel Harris is accused of stealing computers and a disc that contained the records of patients of the medical group, according to a complaint filed in U.S. District Court in San Jose. The complaint alleges that Harris stole the computers March 28, although he later told the FBI he didn't know the patient information was contained on the stolen CD until seeing news accounts of the heist. After that he smashed CD in a million pieces and continued thinking how to sell stolen hardware.
The theft of two Dell computers and the information prompted the physicians group to send a first-class letter to about 185,000 current and former patients alerting them the stolen confidential material contained names, addresses, medical information and Social Security numbers.
The FBI quickly focused on Harris after San Jose Medical Group CEO Ernie Wallerstein reported the computer theft in March. Wallerstein told the FBI that Harris was manager of the group's McKee branch from August 2004 to September 2004 and was asked to resign after being confronted about stealing money and medication.
The FBI agents determined that Harris, while working for the medical group, bragged about being a U.S. Army Green Beret and having a side business selling computers. He had been fired from the Silicon Valley Children's Fund after serving there as program director from August 2002 to August 2003 because he spent too much time on his side business.
Several weeks before the medical group's computers were stolen, the children's fund was also burglarized and two of its computers were stolen. Computers from both thefts were later offered for sale on Craigslist, an Internet bulletin board, under e-mail addresses linked to Harris. Harris was arrested last month in Campbell for an alleged auto theft and was interviewed in jail by the FBI. He acknowledged that he sold computers on Craigslist and said if he was let out of jail, he could lead the FBI to the disc with the patient information. The disc was later found in his car and recovered.
“This is the most striking example of the lowest level of physical security and criminal negligence in the medical organizations. I really wonder if the group's staff has been so naive to leave the CD with confidential medical and financial information just in CD-ROM or on the table in office", — commented Denis Zenkin, the Marketing Director of InfoWatch company. “After this incident we should ask ourselves if private data are well secured in other medical organizations" — he added.
Source: The Mercury News (requires registration)