Identity theft: It could happen to anyone

Susan Harrison has put scores of identity thieves behind bars as a federal prosecutor in Seattle for the past 16 years.

So when thousands of dollars suddenly disappeared from her and her husband's checking account in December, she understood that even an assistant U.S. Attorney can become an identity-theft victim.

"There are so many ways they can get our information," Harrison said. "They are clever people."

Harrison's husband, it turns out, was one of 42 people whose personal information was stolen by a sophisticated identity-theft ring that stole patient data from Virginia Mason Medical Center's main Seattle campus and its sports-medicine clinic between May 2005 and Sept. 17.

Harrison told her story Wednesday as part of an effort by federal, state and local law-enforcement agencies to raise awareness about the large and growing problem of identity theft in Washington state, and to encourage businesses and organizations to do a better job of safeguarding sensitive data under their control.

"Washington state ranks seventh in the U.S. for identity theft," U.S. Attorney John McKay said during a news conference. "That's something we're not proud of."

To combat the problem, McKay created an identity-theft working group 18 months ago with representatives from a broad array of federal, state and local agencies. Participants range from the Secret Service to the Washington Department of Licensing to the King County Sheriff's Office.

McKay said the group is focused on three especially damaging classes of identity theft: "insider" cases, in which a current or former employee steals personal information from an organization's files; organized criminal rings that employ drug addicts and petty criminals to steal mail and other depositories of data; and repeat offenders.

Attorney General Rob McKenna said he plans to propose legislation to allow Washington residents to freeze unauthorized access to their credit reports as a preventive measure, instead of waiting until after their personal information has been stolen.

"That's like saying you're only allowed to put a deadbolt on your house after it's been broken into," McKenna said.

McKenna outlined several simple steps that businesses can take to better prevent thefts of personal information. Among them:

• Limit the number of employees with access to personnel files.

• Truncate employees' Social Security numbers in company files.

• Conduct more thorough background checks of prospective employees, to screen out people with criminal histories or drug problems who could be prone to identity theft.

Individuals who suspect their personal data may have been stolen should immediately contact their bank and begin monitoring their personal credit reports, McKenna said.

The insider cases are especially nefarious and difficult to combat, McKay said.

At Virginia Mason, two former employees allegedly used fake ID badges to enter Virginia Mason facilities at night and lift data from the files of patients who had appointments the next day.

Virginia Mason said in a statement it is working with federal and local law-enforcement agencies to investigate a large, organized identity-theft ring that preyed on several local companies.

After accessing her husband's file, Harrison said, the thieves created a fake driver's license using his personal information and began making withdrawals from the family's bank accounts.

The perpetrators even called Harrison at home to confirm that she had put a hold on her accounts to prevent future withdrawals.

"It just shows how brazen they are," she said. "They think they're invulnerable."

David Bowermaster: 206-464-2724 or dbowermaster@seattletimes.com