HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Hospital Employee Steals Protected Patient Data to Commit Identity Theft

A former employee of the Bethesda Hospital in Boynton Beach, Fla, has been arrested and charged with identity theft; after fraudulently obtaining IDs and credit int he names of 20 individuals, most of which had been patients of the Boynton Beach hospital in which she worked.

Elexes Thaddies, 24, was arrested on Friday, Aug 7, by Boca Raton police officers as part of an investigation into identity theft and credit fraud, with the investigation first starting in September, 2014. Other police departments were also investigating the crimes, with Coral Springs and Boynton Beach police both looking into identity theft crimes.

The investigations uncovered 20 victims, a number of which were able to identify Thaddies, saying they had seen her working at the hospital. Law enforcement officers also discovered a new account had been opened in a victim’s name, which listed Thaddies named as an authorized user of that account. She had used that account to make a $1,160 purchase at Nordstrom in Palm Beach Gardens, according to the police report.

Thaddies was using the stolen identities to pay her bills and go shopping. First she would obtain the necessary information from hospital records, then use that information on a fake driving license. With that ID she was able to open new accounts in the name of the victims. According to a police report, a Florida ID she used even had a photo of Keira Knightly instead of her own.

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The subsequent investigation into the other 20 cases of identity theft resulted in them being tied to Thaddies via shared phone numbers, addresses, and computer IP addresses.

Thaddies has been charged with Grand theft, using an ID card of another without person consent, fraudulent use of a credit card, and organized fraud.

Spate of Identity Theft by Hospital Employees Continues


In June, a Florida Community Health Centers hospital reported an employee potentially stole 94 records, and alerted patients to the risk of identity fraud. Back in March, two employees of Florida Hospital were accused of stealing the Protected Health Information of patients, potentially obtaining the data of as many as 9,000 individuals.

In New York, Monique Walker, 32, an assistant clerk at the Montefiore Medical Center, N.Y, was recently arrested for stealing the data of patients. While, thieves are tempted by the huge rewards on offer, in that case the employee, and her co-defendants, sold the records for as little as $3 each.

Beware of Malicious Insiders


Protecting computer networks and EHRs from cyberattacks may be one of the main priorities for healthcare providers, but the threat from within must not be forgotten. Judging by the volume of data security incidents caused by employees in recent months, it is clear that some healthcare providers need to step up efforts to protect the privacy of patients, as well as install better systems for identifying breaches when they occur.

Theft of data by employees is likely to result in victims’ identities being stolen and financial losses being suffered. It is therefore essential that when data breaches are identified, affected patients are alerted promptly to allow them to take steps to minimize harm and financial loss, and protect their identities.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.