Today, a surprising number of identity theft cases stem from thieves who have access to personal information as part of their day job. One recent example is the case of Katina Candrick, a 34-year-old Texas woman who had worked for a medical billing contractor. During the course of her work, she gained access to patients’ personal data. Candrick was recently sentenced to 15 years in prison for stealing this information, and must pay over $163,000 in restitution to her victims.
From July 6 through Nov. 13, 2009, Candrick was employed as a patient account representative for the Richardson, Texas office of MedAssets, which handles billing for healthcare organizations. In that role, she illegally obtained personal information on more than 1,200 individuals from billing accounts she handled, which she used to fraudulently make purchases, according to the U.S. Attorney’s Office for the Western District of Texas. Many of the individuals were patients at University of Texas Medical Branch, Galveston, the office confirmed.
Candrick used the stolen information to pay for cars and her living expenses, and when she was arrested in December of 2009, she was even living by the name of a person whose identity she had stolen from work. Clearly, this was an inside job.
According to Joe Gottlieb, CEO of SenSage, cybercrimes are increasingly committed by those who have access to personal data in the course of their job. He says that many companies fail to monitor employees with access to this information. Beyond the typical background check, how else can companies prevent these inside jobs? If a company has sensitive information that it must entrust to employees, clearly there is much more that can be done to protect this information.
Consumers should consider an identity theft service like Lifelock, that will scan public and private databases for the misuse of their information. Read our detailed Lifelock review for more information.