The Bronx, NY – A former hospital clerk and an accomplice are facing serious federal charges after allegedly using stolen patient identities to fraudulently collect more than $1.6 million in COVID-19 relief funds, tax refunds, and unemployment benefits, federal prosecutors announced.
Over 4,000 Patient Records Misused
According to the U.S. Attorney for the Southern District of New York, Wilkins Estrella exploited his access to the hospital’s patient database for over two years, stealing Social Security numbers and other personally identifiable information (PII) from more than 4,000 individuals.
Estrella and co-defendant Charlene Marte allegedly used the stolen data to open hundreds of debit cards, which they then used to collect COVID-19 stimulus checks, IRS tax refunds, and New York State unemployment insurance benefits, according to Pix11.
Funds Funneled to Personal and Family Addresses
Federal investigators say the stolen funds were loaded onto debit cards and mailed to the homes of the defendants and family members. This tactic allowed the pair to conceal the scale of the fraud, while laundering money through personal spending and bank accounts.
“These defendants misused sensitive identifying information to perpetuate this illicit scheme and reap unlawful proceeds,” said FBI Assistant Director in Charge Christopher G. Raia.
Estrella was eventually fired in 2020 after an internal hospital audit uncovered unauthorized access to patient records.
Serious Federal Charges and Penalties
Both Estrella and Marte have pleaded guilty to conspiracy to commit wire fraud and bank fraud. Estrella also pleaded guilty to wrongful disclosure of individually identifiable health information, a serious violation of HIPAA regulations.
If convicted, they each face 30 to 40 years in federal prison, reflecting the scale and severity of their crimes.
Dangers of Healthcare Identity Theft
Healthcare data breaches and insider abuse pose unique threats to public trust. Unlike stolen credit card numbers, medical records and Social Security numbers can be used for long-term fraud, including tax and insurance scams.
Hospitals are being urged to adopt:
- Stricter access controls
- Real-time monitoring systems
- Frequent internal audits
These steps are essential to protecting patient privacy and maintaining compliance with HIPAA and federal cybersecurity standards.
What are your thoughts on internal data breaches in hospitals? Should penalties be even harsher? Join the discussion in the comment section below.
