Cautionary tales ripped from the headlines.
Often truth is stranger than fiction.
There is certain conduct that one simply cannot make up. Dubbed the “money mule” in the February 16th U.S. Department of Justice (DOJ) Press Release, a woman from Orange County, California was “charged in a six-count federal grand jury indictment alleging she laundered money directly from fraud victims who were tricked into sending the funds to financial accounts she controlled rather than to the victims’ intended recipients.” Essentially, acting as an intermediary to “carry” funds from the victims to the cybercriminals, just like a “mule” who illicitly acts as a middleman between a drug supplier and a dealer.
The perpetrator was arrested, pled not guilty, paid a $50,000 bond, and has a trial date set for April 11, 2023. Here are some of the key highlights from the court documents:
In criminal law, a defendant is presumed innocent unless proven guilty beyond a reasonable doubt. If the perpetrator is convicted on all counts, she would face a statutory maximum of 20 years in federal prison for each money laundering count and up to 10 years in prison for each illegal monetary transactions count.
Although the primary focus is money laundering, since electronic and stored communications were utilized, it may have been possible for liability to be premised on violations of other laws such as the Stored Communications Act or the Travel Act. In sum, social engineering is a common technique employed by cybercriminals and it is imperative for covered entities, business associates, and any person creating, receiving, maintaining, or transmitting protected health information to include the various types of social engineering in training, as well as raise awareness about the downstream fraud that can occur if sensitive information is “poached” and utilized for personal gain or to impugn/extort a patient.
Rachel V. Rose, JD, MBA, advises clients on compliance, transactions, government administrative actions, and litigation involving healthcare, cybersecurity, corporate and securities law, as well as False Claims Act and Dodd-Frank whistleblower cases.