Texas man who sold protected health information sentenced to prison

By | July 11, 2021

A McKinney, Texas, man who was accused of stealing protected health information was sentenced to 48 months in federal prison this week.

According to a U.S. Department of Justice press release, 46-year-old Demetrius Cervantes pleaded guilty this past December to conspiracy to obtain information from a protected computer.   

WHY IT MATTERS

As outlined in court documents, Cervantes, along with Amanda Lowry and Lydia Henslee, were named in a federal indictment in September 2019.  

The three allegedly breached a provider’s electronic health record system with the aim of stealing patients’ PHI and personally identifiable information.   

This stolen information, according to the DOJ, was then “repackaged” in the form of fake physician orders, and then sold to durable medical equipment contractors.    

The data netted upwards of $ 1.4 million, which the DOJ says defendants then used to fund the purchases of SUVs, off-road vehicles and jet skis.

Lowry, who also pleaded guilty to conspiracy to obtain information from a protected computer, will be sentenced later this month.  

Henslee, meanwhile, was charged in a ten-count superseding indictment with one count of conspiracy to unlawfully transfer, possess, and use a means of identification, and nine counts of unlawfully transferring, possessing, and using a means of identification.   

She pleaded guilty to conspiring to possess and use means of identification in connection with various offenses on March 25; a sentencing date has not been set.  

THE LARGER TREND

Although breaches and theft of protected health information are unfortunately all too common, often the perpetrators are shadowy hacking groups demanding millions of dollars to restore data, rather than individuals apparently looking to make a quick buck. (Though, as Cervantes’ case shows, the latter is not unprecedented.)  

Read More:  079: Pelvic floor health and tips with Brittney Ellers, PT, DPT

Still, the DOJ has flexed its enforcement muscle in both cases. This past month, Reuters reported that the agency will elevate its ransomware investigations to a terrorism-level priority, reflecting the urgency decision-makers feel about the issue.   

ON THE RECORD  

“Today’s sentence sends the message that the theft of protected health information, the fabrication of physicians’ orders, and the sale of prescriptions will not be tolerated in the Eastern District of Texas,” said Acting U.S. Attorney Nicholas J. Ganjei in a statement.    

“This office will continue to pursue those who place profits over patients and manipulate the healthcare system for their personal gain,” Ganjei continued.

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.

News from healthcareitnews.com