Mount Carmel Medical Group Data Breach (2016)

Investigators say an organized crime ring in central Ohio compromised thousands of people who sought medical or legal services. Police arrested roommates Johnathan Knapp and Justin Goins in the spring of 2016 when they say the two used a stolen credit card to stay one night at the Hilton Hotel downtown. But when conducting a series of search warrants on them months later in the winter, police found 4,000 files belonging to non-profit organizations and medical offices in central Ohio, including patient files belonging to the Mount Carmel Medical Group. Prosecutors say the two would target specific storage units in central Ohio where they knew the files were located. At Public Storage in Westerville, the unit of a retired dentist was hit where court documents state he "kept all of his clients' files." Client files of the non-profit Impact Community Action were also stolen from its storage unit.The agency that provides social services to the poor sent this statement to ABC 6/FOX 28 about their part in this investigation. "In May 2016, law enforcement officials from the Whitehall Police Department alerted us to an ongoing multi-jurisdictional investigation involving a series of break-ins at storage units maintained at an off-site facility. Law enforcement officials also informed us that our locked storage unit was among those broken into during these burglaries and that certain files containing client information were stolen from our unit. To date, the majority of those files have been recovered. Based on our investigation and the information provided to us by law enforcement, we have determined that this situation only affects a limited number of clients. IMPACT has notified all potentially affected individuals about this situation, through written notification via U.S. Mail. The notification includes actions individuals can take to help protect their personal information, along with an offer for a credit monitoring and identity theft protection service membership, provided by IMPACT at no cost to them." - CEO, Mr. Robert “Bo” Chilton Police say the files obtained from Mount Carmel came from printing out copies from an office computer while visiting the office. The medical group released this statement to ABC 6/FOX 28. "We are aware of the theft and have been working closely with the Whitehall Police Department from the beginning of the investigation. Protecting our patients' privacy and the security of their information is one of Mount Carmel Health System’s top priorities. We have notified all patients who we believe may have been impacted by the theft, as well as offered free credit monitoring services to help minimize risk. During the investigation, Mount Carmel provided all related information and collaborated with Whitehall police. Because of their thorough investigation, the stolen documents were confiscated by Whitehall police, and the originals were returned to us. At this time, we have no evidence that any patient’s information has been further compromised due to this theft. We take our patients' privacy seriously and work hard to safeguard their personal health information." Police say once Knapp and Goins collected the 4,000 files of data, they consulted a freelance IT worker to determine what do to with the names. That IT worker told police he knew the two suspects through methamphetamine use and copied other client accounts while hired at a tax attorney's office in the Short North. Police say all the suspects opened numerous credit cards and bank accounts with the stolen data and prosecutors are still trying determine whose data they used and how many funds they collected.