A former medical records tech stole PII that was then used to fraudulently claim DoD and VA benefits, particularly targeting disabled veterans.
More than 3,300 U.S. military service members, military dependents and civilians employed by the Department of Defense were compromised as part of a transnational cybercrime ring created to defraud them out of $1.5 million in military benefits from the DoD and the Department of Veterans Affairs.
A former civilian medical records technician and administrator with the U.S. Army was at the center of the scheme, according to court documents filed in the U.S. District Court for the Western District of Texas. Fredrick Brown, a Las Vegas resident, was sentenced to 12 and a half years in prison last week, after admitting that between July 2014 and September 2015, he stole personally identifiable information (PII) for thousands of people.
In his capacity as a records technician, Brown had access to a military electronic health records database. He admitted that he took screenshots to pilfer names, Social-Security numbers, military ID numbers, dates of birth and contact information from the victims.
He sent the information to a Philippines-based co-defendant, Robert Wayne Boling Jr., he said. Boling and associates then used the data to access DoD and benefits sites and steal millions of dollars, according to the court documents.
As part of its nefarious work, the ring particularly targeted disabled veterans, who were selected because they were eligible for more service-related benefits, court officials said.
“The defendant brazenly preyed on and victimized U.S. servicemembers and veterans, many of whom were disabled and elderly,” said U.S. Attorney Ashley C. Hoff for the Western District of Texas, in a media statement. “As part of our mission, we strive to protect these honorable men and women from fraud and abuse. If fraudsters target our servicemembers and veterans, we will seek to identify them and hold them accountable. This office will continue to zealously investigate and prosecute perpetrators of these schemes.”
In addition to 151 months of prison time, Chief Judge Orlando Garcia ordered Brown to pay $2.3 million in restitution. He’ll also be placed on supervised release for three years after he gets out.
“Rather than honoring those servicemembers and veterans who sacrifice for them, the defendant and his co-conspirators targeted and stole from these brave men and women in a years-long fraud scheme,” said Acting Assistant Attorney General Brian Boynton of the Justice Department’s Civil Division. “Such conduct is an affront to the United States and will not be tolerated.”
The efforts to bring the ring’s participants to justice are ongoing: In July 2020, Garcia sentenced Brown co-defendant and accomplice Trorice Crawford to 46 months in federal prison, a fine of $103,700 and a three-year supervised release post-jail. Brown worked with Crawford to recruit money mules — individuals who would deposit the stolen funds into their bank accounts and then send the funds through international wire remittance services to the fraudsters in a money-laundering operation, according to the court..
U.S. service members have been victims of PII exposure in the past. In May for example, a database filled with the medical records of nearly 200,000 U.S. military veterans was exposed online by a vendor working for the VA, and an analyst found that it might have been exfiltrated by ransomware attackers.
Check out our free upcoming live and on-demand webinar events – unique, dynamic discussions with cybersecurity experts and the SACUT community.