An Atlanta, Georgia man was sentenced earlier this month to one year and one month in prison for intentionally accessing a computer of a competing medical practice, and taking personal information of the patients. The individual made this improper access in order to send marketing materials to patients at the other practice.
The individual worked as an information technology specialist for a perinatal medical practice in Atlanta. He separated from employment from the first practice and joined a competing perinatal medical practice, located in the same building. He then used his home computer to hack into his former employer’s patient database. He downloaded the names, telephone numbers, and addresses of his former employer’s patients and then deleted all the patient information from their system. He subsequently used the patient names and contact information to launch a direct-mail marketing campaign for the benefit of his new employer. Even so, there was no evidence that patient medical information was accessed or misused.
United States Attorney Sally Quillian Yates said, “Anyone who gives their personal information to a doctor or medical facility does not expect that their information will be hacked and used to make money. The cost of medical care is already high enough without patients having to pay a heavier cost with the loss of their privacy. This is cybercrime. Electronic information is bought, sold and stolen, often by someone who knows a system and, with a few keystrokes, makes our community vulnerable.”
McNEAL was sentenced to 1 year, 1 month in prison to be followed by 3 years of supervised release, and ordered to perform 120 hours of community service. McNEAL pleaded guilty to the charge on September 28, 2011.