Children's Hospital families affected by ex-employee fraud
Technorati Tag: Security Breach
Date Reported:
11/23/08
Organization:
The Children's Hospital
Contractor/Consultant/Branch:
Revenue Enterprises LLC (a subsidiary of RSI Enterprises, Inc.)
Location:
Aurora, Colorado
Victims:
Patient families
Number Affected:
"as many as 1,000"
Types of Data:
"credit card information"
Breach Description:
"DENVER - The Children's Hospital and a third-party billing contractor will warn as many as 1,000 families that their credit card information may have been compromised by a former employee."
Reference URL:
KUSA Channel 9 News
Report Credit:
Kyle Clark and Colleen Locke, KUSA Channel 9 News, and a special thanks to informed reader Rob Douglas at InsideIDTheft.info
Response:
From the online source cited above:
DENVER - The Children's Hospital and a third-party billing contractor will warn as many as 1,000 families that their credit card information may have been compromised by a former employee.
[Evan] This is low, as in little or no decency.
Aurora-based Revenue Enterprises recently terminated an employee that handled billing for The Children's Hospital after it was discovered she used a family's credit card to pay for a vacation in Las Vegas.
"The next step in the process is isolating those consumers who have any remote likelihood of having a problem," said Revenue Enterprises CEO Tim Brainerd.
Brainerd estimated 500 to 1,000 families gave payment information to the employee in question.
Revenue Enterprises is drafting a letter to notify them of the identity theft and asking them to check their own records for any discrepancies.
The employee, who was employed with the Aurora-based company for seven months, is believed to have copied down the credit card information while taking a payment by phone from a Denver family.
Marcus and Heather Oginsky were paying for their son's surgery at The Children's Hospital.
"It's one thing to steal, but to steal from people who obviously have been through a hard time and whose child has been through a hard time, I think you have to be a pretty bad person," said Heather Oginsky. "It's just so low."
The Oginskys are satisfied with the response by The Children's Hospital and Revenue Enterprises.
[Evan] Should the hospital and/or Revenue Enterprises have some liability for damages? Hard to say.
"I thought they handed it very expediently and very appropriately," said Marcus Oginsky.
The Children's Hospital spokeswoman Elizabeth Whitehead issued a written statement saying the hospital was evaluating Revenue Enterprises' response plan and security measures.
[Evan] This is always prudent, irregardless of a breach.
"The safety, security and well being of our families is our first priority, and in that spirit we will continue to closely monitor this situation," the statement read in part.
Brainerd expressed frustration over the situation.
Brainerd said his company protects customer information placed into its computer systems and this breach must have occurred in real-time during a payment call.
"Never in 23 years" has such an incident occurred, Brainerd said.
"Short of literally having a supervisor being on every phone call with every person, I think we've done all the prudent things we can do."
[Evan] Does the company regularly record telephone calls, and if so are employees made aware ( and warned)?
The Oginskys are also frustrated, upset that the person who stole their information is not likely to face criminal charges.
[Evan] What?! Are you kidding me? How can this be?
The hotel where their credit card was used, the Excalibur, plans to write off the loss instead of filing a police report.
[Evan] In my opinion, this is a case where ethics should come before a "business case". This seems a little selfish.
According to the Oginskys, Denver Police sent them a letter saying they would not pursue to the case due to a backlog of similar reports unless the hotel would also press charges.
The Revenue Enterprises employee passed a background check before beginning work, the company said.
The Oginskys are troubled that she could still pass that same check in the future.
[Evan] This is huge concern. Due to the fact that there will be no charges filed, there is nothing to stop this crook from doing the same thing in the future. If there is no public record, there is little or no information available to warn future employers.
Commentary:
The fact that the lady who committed this fraud will likely face no consequences (minus a lost job) is a very tough pill to swallow. It would be nice if Excalibur or the Denver police would make an exception in this case. She should face justice.
Past Breaches:
Unknown
Date Reported:11/23/08
Organization:
The Children's Hospital
Contractor/Consultant/Branch:
Revenue Enterprises LLC (a subsidiary of RSI Enterprises, Inc.)
Location:
Aurora, Colorado
Victims:
Patient families
Number Affected:
"as many as 1,000"
Types of Data:
"credit card information"
Breach Description:
"DENVER - The Children's Hospital and a third-party billing contractor will warn as many as 1,000 families that their credit card information may have been compromised by a former employee."
Reference URL:
KUSA Channel 9 News
Report Credit:
Kyle Clark and Colleen Locke, KUSA Channel 9 News, and a special thanks to informed reader Rob Douglas at InsideIDTheft.info
Response:
From the online source cited above:
DENVER - The Children's Hospital and a third-party billing contractor will warn as many as 1,000 families that their credit card information may have been compromised by a former employee.
[Evan] This is low, as in little or no decency.
Aurora-based Revenue Enterprises recently terminated an employee that handled billing for The Children's Hospital after it was discovered she used a family's credit card to pay for a vacation in Las Vegas.
"The next step in the process is isolating those consumers who have any remote likelihood of having a problem," said Revenue Enterprises CEO Tim Brainerd.
Brainerd estimated 500 to 1,000 families gave payment information to the employee in question.
Revenue Enterprises is drafting a letter to notify them of the identity theft and asking them to check their own records for any discrepancies.
The employee, who was employed with the Aurora-based company for seven months, is believed to have copied down the credit card information while taking a payment by phone from a Denver family.
Marcus and Heather Oginsky were paying for their son's surgery at The Children's Hospital.
"It's one thing to steal, but to steal from people who obviously have been through a hard time and whose child has been through a hard time, I think you have to be a pretty bad person," said Heather Oginsky. "It's just so low."
The Oginskys are satisfied with the response by The Children's Hospital and Revenue Enterprises.
[Evan] Should the hospital and/or Revenue Enterprises have some liability for damages? Hard to say.
"I thought they handed it very expediently and very appropriately," said Marcus Oginsky.
The Children's Hospital spokeswoman Elizabeth Whitehead issued a written statement saying the hospital was evaluating Revenue Enterprises' response plan and security measures.
[Evan] This is always prudent, irregardless of a breach.
"The safety, security and well being of our families is our first priority, and in that spirit we will continue to closely monitor this situation," the statement read in part.
Brainerd expressed frustration over the situation.
Brainerd said his company protects customer information placed into its computer systems and this breach must have occurred in real-time during a payment call.
"Never in 23 years" has such an incident occurred, Brainerd said.
"Short of literally having a supervisor being on every phone call with every person, I think we've done all the prudent things we can do."
[Evan] Does the company regularly record telephone calls, and if so are employees made aware ( and warned)?
The Oginskys are also frustrated, upset that the person who stole their information is not likely to face criminal charges.
[Evan] What?! Are you kidding me? How can this be?
The hotel where their credit card was used, the Excalibur, plans to write off the loss instead of filing a police report.
[Evan] In my opinion, this is a case where ethics should come before a "business case". This seems a little selfish.
According to the Oginskys, Denver Police sent them a letter saying they would not pursue to the case due to a backlog of similar reports unless the hotel would also press charges.
The Revenue Enterprises employee passed a background check before beginning work, the company said.
The Oginskys are troubled that she could still pass that same check in the future.
[Evan] This is huge concern. Due to the fact that there will be no charges filed, there is nothing to stop this crook from doing the same thing in the future. If there is no public record, there is little or no information available to warn future employers.
Commentary:
The fact that the lady who committed this fraud will likely face no consequences (minus a lost job) is a very tough pill to swallow. It would be nice if Excalibur or the Denver police would make an exception in this case. She should face justice.
Past Breaches:
Posted by Evan Francen at 11/23/2008 10:27 PM 
Categories: The Children's Hospital (Denver), Revenue Enterprises, Employee Fraud
Categories: The Children's Hospital (Denver), Revenue Enterprises, Employee Fraud
Posts Atom 1.0
Comments