Hospital X-Ray Racket Provides Burglars with PHI of 17K Patients

Once the Raleigh Orthopedic Clinic decided for its X-ray films to be updated as well as shifted to digital media, the healthcare company naturally required external help. A 3rd party dealer was found that could provide the assistance and the X-ray pictures were sent for change.

The agreement was approved in January of this year and the pictures were transmitted; nevertheless when the clinic did not receive the electronic duplicates of the data doubts were aroused. An inquiry was carried out into the problem in the 1st week of March and it was established that the clinic had been involved in a fraud.

Contrary to other security violations where burglars intentionally set out to thieve ePHI to commit scam, in this case, the burglars desired the x-ray picture for the silver it had. Raleigh Ortho found that its X-rays had been sold on to a reprocessing business based in Ohio which provides a service to reprocess X-ray pictures.

It is known that the unnamed business used by the hospital got the X-rays illegally with an idea to sell the silver. X-ray pictures contain roughly 2% silver and as per the News & Observer burglars are capable to sell the metal for as high as $24.50 for each ounce.

This isn’t the first time a healthcare business has been cheated into giving burglars costly X-rays. In 2012, police apprehended 2 men from South Carolina who had succeeded to get X-rays from 38 healthcare providers by posturing as workers of a reprocessing company.

Raleigh Orthopedic Clinic has verified that although it considers the X-rays were taken for their silver content as well as the X-rays have now been ruined, patients must be cautious and check their bank accounts and credit cards carefully during the next few months just in case the burglars also reproduced the data.

The X-rays contained PHI of 17,000 patients, even though the information was restricted to full names, dates of birth as well as any medicinal issue displayed by the x-ray films. The clinic is in the procedure of communicating those affected to warn them concerning the security breach as per HIPAA breach announcement laws.

Twitter Facebook LinkedIn Reddit Copy link Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.