A former IT employee of Chilton Medical Center has been charged with stealing a hospital computer hard drive containing private patient information and selling it on eBay to a buyer in Wisconsin, according to authorities.
The hospital, part of the Atlantic Health System network, publicly disclosed the theft in December, saying the stolen hard drive may have included an unspecified number of patient names, dates of birth, addresses, medical record numbers, allergies and medications.
The hospital’s statement said medical and financial information and Social Security numbers were not contained on the hard drive. It said there was “no indication” patient information was misused.
POLICE: Teens stole cash, $3K worth of food from East Blackwell Street eatery
GUNS AND DRUGS: Convicted robbers sold handguns, drugs in Dover, police say
Former Chilton employee Sergiu Jitcu, 39, of Saddle Brook, was charged with two counts of computer criminal activity, also called computer theft, and one count each of access and disclosure of data or personal identifying information and theft, according to a release from Morris County Prosecutor Fredric M. Knapp and Pequannock Police Chief Brian C. Spring.
The Prosecutor’s Office was contacted on Nov. 8 by the hospital’s director of security, who reported an employee allegedly stole computer equipment. The Prosecutor’s Office specialized crimes division was advised that the hospital received information from a Wisconsin resident that he bought a computer hard drive on eBay from Jitcu that contained personal identifying information of individuals who may have been treated at Chilton, the release said.
The Prosecutor’s Office ultimately executed a search warrant on Jitcu’s residence and cars, and seized various computer equipment and other items belonging to Chilton Medical Center, the release said.
At least one computer storage medium sold on eBay by Jitcu contained data or data bases with personal identifiers of patients, the release said.
The theft occurred between Jan. 1, 2015 and Nov. 8, 2017. The hospital said in its release information on the hard drive went back a decade, from May 1, 2008 until Oct. 15, 2017.
“Chilton Medical Center is committed to the privacy and security of our patients’ information,” the hospital said in the December statement on its website. “We take patient privacy very seriously and wanted to make our patients aware of a recent incident involving some of that information.”
According to the hospital, an employee removed a computer hard drive from Chilton and sold it online sometime in October. Officials first learned of the matter Oct. 31.
The hospital said in December it had no indication patient information was misused.
“However, we began mailing letters to affected patients on December 15, 2017 and have established a dedicated call center to answer any questions patients may have,” the hospital statement said.
Anyone with questions or believes they are affected but did not receive a letter by Jan. 5, may call 1-855-590-2129 between 9 a.m. and 9 p.m. Monday through Friday.
“This incident is not consistent with our privacy practices,” the Chilton statement said. “While we have policies in place to protect patient information, we have, since this incident, enhanced our processes and controls to help prevent something like this from happening again.”