Couple Plead Guilty to $1M Fraud Scheme Involving Stolen Patient Data
A former business clerk at Montefiore Medical Center and his partner have pleaded guilty to stealing thousands of patient records and using the stolen data to defraud government agencies out of almost $1 million.
Wilkins Estrella, 40, of Hackensack, New Jersey, had worked at the Bronx hospital for almost a decade. He was terminated in 2020 after an internal audit of access logs revealed he had been accessing patient records without authorization from at least 2020 to 2022. The review confirmed that more than 4,000 medical records were accessed without any legitimate business purpose for doing so. Montefiore Medical Center reported the data breach to the HHS’ Office for Civil Rights and referred the matter to law enforcement for criminal prosecution.
Along with his romantic partner, Charlene Marte, 31, of the Bronx, New York, Estrella misused patient data to open debit card accounts in patients’ names and had those cards sent to their own addresses and those of family members. The pair then used data from multiple sources to target COVID-19 relief funds from the Internal Revenue Service (IRS) and the New York State Department of Labor, including patients’ names, Social Security numbers, and other personally identifiable information obtained from Montefiore Medical Center.
The pair attempted to obtain $1.6 million in stimulus checks, tax refunds, and unemployment benefits, resulting in almost $1 million in actual losses. The funds were loaded onto the debit cards that the couple had fraudulently obtained.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Marte pled guilty to conspiracy to commit wire fraud and bank fraud on July 28, 2025, and is due to be sentenced on November 5, 2025. She faces up to 30 years in jail. Estrella pled guilty to conspiracy to commit wire fraud and bank fraud on August 7, 2025, as well as one count of wrongful disclosure of individually identifiable health information. Estrella faces a maximum jail term of 30 years for the bank and wire fraud counts, and up to 10 years in jail for the wrongful disclosure charge, and is due to be sentenced on December 1, 2025. Estrella and Marte are also liable for $951,618.20 in forfeiture and the same amount in restitution.
“Wilkins Estrella stole the personal data of thousands of people, including hospital patients, and used this data along with his partner Charlene Marte to claim money that was intended to assist struggling Americans during the pandemic,” said U.S. Attorney Jay Clayton. “Defrauding federal programs harms all New Yorkers, and our Office is committed to stopping it.”
