Florida hospital employee steals identities, causes breach

A Florida hospital experienced a data breach courtesy of an employee whose job was to help patients with mental health problems find jobs within the hospital system. Instead, he stole their identities.

According to the Sun-Sentinal, Curtis Fullwood, 57, and his cousin, Terri Davis, 45, have pleaded not guilty to a federal indictment charging them with conspiracy to commit identity theft, conspiring to disclose individual's health information, access device fraud, wrongful disclosure of health information and aggravated identity theft. Fullwood was an employee at South Florida State Hospital in Pembroke Pines.

The two are accused of working together to steal individual patients' names and social security numbers to file fraudulent income tax returns between September and April of 2012, investigators said.

Fullwood obtained patients' information by illegally using computers at the Pembroke Pines psychiatric hospital to steal the identities of people who were admitted for treatment, according to court records. The two suspects had identifying information for more than 1,000 people without their permission, FBI agents wrote.

Both men are free on bond pending the outcome of the case. Fullwood is on unpaid leave from his job and a judge ordered him not to work in any role that would give him access to other people's Social Security numbers.

Fullwood has worked for the hospital for more than 12 years and "his current responsibilities include assisting psychiatric patients at South Florida State Hospital to obtain jobs within the hospital," agents wrote.

Most of the patients at the hospital are involuntarily admitted for mental health treatment at the request of Florida's Department of Children and Families, according to court records.

Davis and Fullwood came under suspicion when Davis turned over some of the patients' identities to an informant who was working under cover with the FBI, agents wrote. The meeting was secretly recorded, records show.

Workers for GEO Care, which runs the facility, checked their computer records and found that Fullwood was the only employee who viewed patient admissions reports on their computers on the dates in question, according to the Sun-Sentinal.