Orlando Jemmott, 52, worked at the hospital for 12 years from March 2006 to April 2018 and was given access to patient health histories in order to carry out his official work duties. Jemmott was required to save patient information on the hospital’s database including demographic data and information on patients’ symptoms and health problems.
In June 2017, the FBI were advised that Jemmott was stealing patient data and selling the data to another person. The woman alleged the information was being shared via the WhatsApp encrypted messaging app. The woman took Jemmott’s mobile phone from his house and gave it to the FBI along with a photo from his WhatsApp profile. A warrant was then obtained by the FBI to search the phone in question. The search showed hundreds of messages between Jemmott and an individual in Pennsylvania who was subsequently named as Ron Pruitt.
Those messages included more than 180 combinations of patient names and phone contact details, which were shared from Jemmott to Pruitt between December 2014 and April 2015. According to court documents, the identities of at least 100 people have been confirmed. The hospital has revealed that 98 of those people were patients at the hospital at the time of the breach. The hospital also revealed that in 88 of the 98 cases, the records of patients had been viewed without official permission.
The whistleblower also gave paper copies of health information to the FBI which had been printed out between December 2016 and June 2017. The printouts included the protected health information of 49 people, which the hospital confirmed was downloaded from its electronic health record database.
Jemmott was arrested in February 2018, had his position at the hospital terminated in April, and has since been released on an $80,000 bond. Pruitt was arrested in early September by the FBI. Both individuals are trying to negotiate plea deals. So far it is not obvious what the disclosed protected health information was used for.