Calling South Florida the “epicenter of identity theft,” U.S. Attorney Wifredo Ferrer on Tuesday announced federal charges against more than 100 suspected fraudsters involved in various schemes to steal personal information from tens of thousands of victims — and using that data in an attempt to steal more than $60 million.
Among those charged is a former secretary for Jackson Health System who is accused of playing a key role in a scheme that stole more than 24,000 patient records and used the information to file fraudulent tax returns with the Internal Revenue Service.
“These identity thieves are stealing the blueprints of our lives,” Ferrer said during a press conference where he was joined by representatives from dozens of federal agencies involved in the crackdown, including the IRS and FBI.
The bust announced Tuesday is among the biggest since federal, state and local officials formed the South Florida Identity Theft Fraud Strike Force to combat the rise in tax refund scams in 2012.
Charges were filed against 104 defendants in 81 cases where the personal information of more than 30,000 individuals was “compromised,” Ferrer said. He added that 64 people have been arrested or are already in custody in connection with the bust.
Ferrer noted that identity thieves can strike at hospitals, gas stations and even homes through phone calls and emails soliciting personal information. Among the identity theft crimes alleged were credit card fraud and takeovers of credit card accounts, cellphones and even government programs, such as Social Security and unemployment benefits.
The most prolific of the alleged identity thieves announced Tuesday was Evelina Sophia Reid, a hospital unit secretary and Jackson Health employee since 2005. A grand jury indicted Reid this month, charging her with 14 counts of computer fraud, identity theft and possession of patients’ personal information, including birth dates and Social Security numbers.
Ferrer said hospitals and other institutions, such as schools and large employers, need to do a better job of protecting personal identifying information from thieves.
“They need to have robust safeguards to make sure this type of information is not so easily accessible,” he said. “What we have seen over and over again is that way too many employees have access to this information.”
According to the indictment, Reid stole patient records from computers at Jackson — Miami-Dade’s public hospital system — and then delivered the information to accomplices who filed fraudulent tax returns for those patients.
If convicted of the charges, Reid could face dozens of years in prison.
Reid was suspended in February 2016 on suspicion of stealing reams of private patient information between 2012 and 2016. Calling Reid a “rogue” employee, Jackson officials placed her on administrative leave and stripped her of access to all hospital facilities and records in February 2016.
Jennifer Piedra, a spokeswoman for Jackson Health, said in a written statement Tuesday that Reid had been terminated, and that hospital administrators have “upgraded” Jackson Health’s information security systems, “including additional safeguards to prevent privacy breaches.”
“We believe it to be in our patients’ best interest to not disclose specifics pertaining to our information security systems, so as to not risk compromising their effectiveness,” she said.
With Jackson Health in the midst of a $1.4 billion makeover, much of it paid for with taxpayer-financed bonds, Jackson CEO Carlos Migoya noted in a memo to Miami-Dade commissioners last year the harm that such data breaches can cause to Jackson Health and its efforts to attract more patients.
“For Jackson’s transformation to continue succeeding,” he wrote last year, “we must have an impeccable reputation for respecting the privacy of our patients and their records. Even one dishonest employee can tarnish the reputation of our 11,000 committed and loyal healthcare professionals.”
At the time, Migoya wrote that Jackson Health’s estimated 11,000 employees had completed additional training on patient privacy. The hospital system said it also notified patients whose personal information may have been stolen, and offered to pay for credit-monitoring services.