July 14, 2017: Senior Executives of Medical Drug Re-Packager Plead Guilty to Defrauding Healthcare Providers



Food and Drug Administration 
Office of Criminal Investigations


President and Pharmacist-in-Charge Distributed Cancer Drugs Contaminated With Mold

Earlier today, in federal court in Brooklyn, Gerald Tighe, the president and owner of Med Prep Consulting Inc. (Med Prep), and Stephen Kalinoski, its director of pharmacy and registered pharmacist-in-charge, pleaded guilty to wire fraud conspiracy in connection with their operation of the now-defunct Tinton Falls, New Jersey-based medical drug re-packager and compounding pharmacy. The pleas were entered before United States District Judge I. Leo Glasser.


The guilty pleas were announced by Bridget M. Rohde, Acting United States Attorney for the Eastern District of New York, and Mark McCormack, Special Agent-in-Charge of the U.S. Food and Drug Administration’s Office of Criminal Investigations, Metropolitan Washington Field Office (FDA/OCI).

According to court filings and facts presented during the plea proceeding, Med Prep processed numerous drugs, including oncology and dialysis drugs, pain medications, anesthesia drugs, and operating room drugs, in purportedly aseptic conditions. In an effort to gain market share, Med Prep repeatedly misrepresented to its customers, who consisted of hospitals and other healthcare providers, that it adhered to, and in some areas exceeded, industry standards and laws applicable to sterile drug preparation. In fact, Med Prep produced drugs in a facility that fell far short of basic industry standards of cleanliness, creating a risk to the health of already ill patients. Tighe and Kalinoski lied to healthcare providers about Med Prep’s failures to comply with basic sterility practices. Med Prep halted its production of drug products in the summer of 2013, following an incident in which it had distributed intravenous drugs containing visible mold to a Connecticut hospital.

“Today’s guilty pleas mark an important step in our continuing effort to hold accountable those who pursue corporate profits over the health and safety of vulnerable patients suffering from disease,” said Acting United States Attorney Rohde.

In announcing the guilty plea, Ms. Rohde gratefully acknowledged the assistance and cooperation of the United States Department of Health and Human Services, Office of the Inspector General, Office of Investigations; the United States Office of Personnel Management, Office of the Inspector General; the Department of Justice, Civil Division, Consumer Protection Branch and Commercial Litigation Branch; the FDA’s Office of the Chief Counsel; the Office of the Attorney General of New Jersey; and the New Jersey Board of Pharmacy.

“Producing unsafe and contaminated drugs poses a serious threat to the U.S. public health and cannot be tolerated,” stated FDA/OCI Special Agent-in-Charge McCormack. “The FDA remains fully committed to aggressively pursuing those who place unsuspecting American consumers at risk by distributing adulterated drugs.”

At sentencing, Tighe and Kalinoski each face up to five years in prison, a fine and the forfeiture of criminal proceeds. They will also be required to make full restitution to their victims.

The case is being prosecuted by Assistant United States Attorneys Alixandra E. Smith, Ameet B. Kabrawala and Erin E. Argo.

The Defendants:


Age: 59

West Long Branch, New Jersey



Age: 53

Middletown, New Jersey


E.D.N.Y. Docket No. 15-CR-62 (ILG)



Healthcare Fraud




USAO – New York, Eastern



John Marzulli Tyler Daniels United States Attorney’s Office (718) 254-6323




Trump Hotels Hit By 3rd Card Breach in 2 Years

Maybe some of you missed this amid all the breach news recently (I know I did), but Trump International Hotels Management LLC last week announced its third credit-card data breach in the past two years. I thought it might be useful to see these events plotted on a timeline, because it suggests that virtually anyone who used a credit card at a Trump property in the past two years likely has had their card data stolen and put on sale in the cybercrime underground as a result.

On May 2, 2017, KrebsOnSecurity broke the story that travel industry giant Sabre Corp. experienced a significant breach of its payment and customer data tied to bookings processed through a reservations system that serves more than 32,000 hotels and other lodging establishments. Last week, Trump International Hotels disclosed the SABRE breach impacted at least 13 Trump Hotel properties between August 2016 and March 2017. Trump Hotels said it was first notified of the breach on June 5.

A timeline of Trump Hotels’ credit card woes over the past two years.

According to Verizon’s latest annual Data Breach Investigations Report (DBIR), malware attacks on point-of-sale systems used at front desk and hotel restaurant systems “are absolutely rampant” in the hospitality sector. Accommodation was the top industry for point-of-sale intrusions in this year’s data, with 87% of breaches within that pattern.

Other hotel chains that disclosed this past week getting hit in the Sabre breach include 11 Hard Rock properties (another chain hit by multiple card breach incidents); Four Seasons Hotels and Resorts; and at least two dozen Loews Hotels in the United States and Canada.


Given its abysmal record of failing to protect customer card data, you might think the hospitality industry would be anxious to assuage guests who may already be concerned that handing over their card at the hotel check-in desk also means consigning that card to cybercrooks (e.g. at underground carding shops like Trumps Dumps).

However, so far this year I’ve been hard-pressed to find any of the major hotel chains that accept more secure chip-based cards, which are designed to make card data stolen by point-of-sale malware and skimmers much more difficult to turn into counterfeit cards. I travel quite a bit — at least twice a month — and I have yet to experience a single U.S.-based hotel in the past year asking me to dip my chip-based card as opposed to swiping it.

A carding shop that sells stolen credit cards and invokes 45’s likeness and name. No word yet on whether this cybercriminal store actually sold any cards stolen from Trump Hotel properties.

True, chip cards alone aren’t going to solve the whole problem. Hotels and other merchants that implement the ability to process chip cards still need to ensure the data is encrypted at every step of the transaction (known as “point-to-point” or “end-to-end” encryption). Investing in technology like tokenization — which allows merchants to store a code that represents the customer’s card data instead of the card data itself — also can help companies become less of a target.

Maybe it wouldn’t be so irksome if those of us concerned about security or annoyed enough at getting our cards replaced three or four times a year due to fraud could stay at a major hotel chain in the United States and simply pay with cash. But alas, we’re talking about an industry that essentially requires customers to pay by credit card.

Well, at least I’ll continue to accrue reward points on my credit card that I can use toward future rounds of Russian roulette with the hotel’s credit card systems.

It’s bad enough that cities and states routinely levy huge taxes on lodging establishments (the idea being the tax is disproportionately paid by people who don’t vote or live in the area); now we have the industry-wide “carder tax” conveniently added to every stay.

What’s the carder tax you ask? It’s the sense of dread and the incredulous “really?” that wells up when one watches his chip card being swiped yet again at the check-out counter.

It’s the time wasted on the phone with your bank trying to sort out whether you really made all those fraudulent purchases, and then having to enter your new card number at all those sites and services where the old one was stored. It’s that awkward moment when the waiter says in front of your date or guests that your card has been declined.

If you’re brave enough to pay for everything with a debit card (bad idea), it may be the time you spend without access to cash while your bank sorts things out. It may be the aggravation of dealing with bounced checks as a result of the fraud.

I can recall a recent stay wherein right next to the credit card machine at the hotel’s front desk was a stack of various daily newspapers, one of which had a very visible headline warning of an ongoing credit card breach at the same hotel that was getting ready to swipe my card yet again (by the way, I’m still kicking myself for not snapping a selfie right then).

After I checked out of that particular hotel, I descended to the parking garage to retrieve a rental car. The garage displayed large signs everywhere warning customers that the property was not responsible for any damage or thefts that may be inflicted on vehicles parked there. I recall thinking at the time that this same hotel probably should have been required to display a similar sign over their credit card machines (actually, they all should).

“The privacy and protection of our guests’ information is a matter we take very seriously.” This is from boilerplate text found in both the Trump Hotels and Loews Hotel statements. It sounds nice. Too bad it’s all hogwash. Once again, the timeline above speaks far more about the hospitality industry’s attitudes on credit card security than any platitudes offered in these all-too-common breach notifications.

Further reading:

Banks: Card Breach at Trump Hotel Properties
Trump Hotel Collection Confirms Card Breach
Sources: Trump Hotels Breached Again
Trump Hotels Settles Over Data Breach: To Pay ,000 for 70,000 Stolen Cards
Breach at Sabre Corp.’s Hospitality Unit


July 17, 2017: Leader of $17 Million Health Insurance Fraud Scheme Ordered to Prison



HOUSTON – A 50-year-old Fulshear woman has been sentenced to federal prison for her role as a leader and organizer in a scheme involving the billing of insurance companies for creams containing Ketamine without valid prescriptions, announced Acting U.S. Attorney Abe Martinez. A federal jury convicted Tamara Mitchell Nov. 9, 2016, following a three-day trial. 

“The public expects that the prescription drugs they receive are pursuant to valid prescriptions that are based on a legitimate medical need,” said Special Agent in Charge Spencer E. Morrison of the Food and Drug Administration – Office of Criminal Investigation, (FDA-OCI) Kansas City Field Office. “Our office will continue to pursue and to bring to justice those who jeopardize the public health by engaging in fraudulent schemes to dispense prescription drugs.”


Today, U.S. District Judge Nancy Atlas ordered Mitchell to prison for a total of 14 years to be immediately followed by three years of supervised release. At the hearing, the court heard additional evidence that one of the individuals who received the creams died from Ketamine and Cyclobenzaprine toxicity. Both substances were active ingredients in the creams Mitchell sold. In handing down the sentence, Judge Atlas noted the vast nature of the fraud scheme was one of the worst she had seen in 22 years on the bench.


During trial, the jury heard evidence demonstrating Mitchell was an owner of two pharmacies, Diamond and Save Rite, that sold creams containing controlled substances as part of a marketing scheme rather than for legitimate medical need. Both pharmacies sold these compounded creams containing Ketamine to the public by using pre-signed prescriptions to fill orders for customers who had the “right” insurance plans. The individuals who received the creams were never examined by a doctor and the submissions to the insurance providers contained misrepresentations regarding the medical need.


Mitchell hired a pharmacy technician and pharmacist to conduct the day-to-day operations of the business, while another pharmacist marketed the creams to anyone with an insurance plan that would pay. Diamond Pharmacy paid a physician and nurse practitioner thousands of dollars per month to pre-sign prescription pads without examining patients. Under Mitchell’s direction, Diamond and Save Rite falsely billed insurance companies for more than $17 million in just two years.


Mitchell will remain in custody pending transfer to a U.S. Bureau of Prisons facility to be determined in the near future.


The FDA-OCI and Drug Enforcement Administration conducted the investigation. Assistant U.S. Attorney James McAlister is prosecuting the case.



Healthcare Fraud

Prescription Drugs



USAO – Texas, Southern



July 17, 2017: Gloucester Woman Pleads Guilty to Her Role in Counterfeit Steroid Trafficking Scheme



BOSTON – A Gloucester woman pleaded guilty Friday, July 14, 2017, in federal court in Boston for her role in a conspiracy to traffic steroids and launder money.

Melissa Sclafani, 29, pleaded guilty to one count of conspiracy with intent to distribute and distribute counterfeit steroids and one count of conspiracy to launder money. U.S. District Court Judge Nathaniel M. Gorton scheduled sentencing for Oct. 24, 2017.  On April 12, 2017, Sclafani and five others were charged by criminal complaint.

From at least February 2016 until April 12, 2017, Sclafani conspired with others to manufacture steroid products, market them as “Onyx” steroids, and sell them to customers across the United States using email and social media platforms. Customers paid for the steroids via money remitters, such as Western Union and MoneyGram, and members of the conspiracy used false identifications and multiple remitter locations to pick up the steroid proceeds. 

Sclafani obtained materials and supplies to manufacture the counterfeit steroids and served as the corporate secretary of Wicked Tan LLC, a tanning business in Beverly that was owned by two co-conspirators. Sclafani assisted members of the conspiracy in laundering proceeds from the sale of counterfeit steroids through the business.     


The conspiracy charge provides for a sentence of no greater than five years in prison, three years of supervised release, and a fine of up to $250,000 or twice the gain or loss of the conspiracy, and the charge of money laundering conspiracy provides for a sentence of no greater than 20 years in prison, three years of supervised release, and a fine of $500,000 or twice the gain or loss of the conspiracy. Sentences are imposed by a federal district court judge based upon the U.S. Sentencing Guidelines and other statutory factors.


Acting United States Attorney William D. Weinreb; Matthew Etre, Special Agent in Charge of Homeland Security Investigations in Boston; Shelly Binkowski, Inspector in Charge of the U.S. Postal Inspection Service; and Jeffrey Ebersole, Special Agent in Charge of the Food and Drug Administration, Office of Criminal Investigation, New York Field Office, made the announcement today. Assistant U.S. Attorneys Amy Harman Burkart and David J. D’Addio of Weinreb’s Cybercrime Unit are prosecuting the case.



Drug Trafficking



USAO – Massachusetts


July 6, 2017: North Olmsted Man Charged with Selling Misbranded Drugs



A North Olmsted man was charged in federal court with selling misbranded drugs, Acting U.S. Attorney David A. Sierleja said.

Khaled Farouk Elgayar, 50, received drugs that purported to treat erectile dysfunction and enhance sexual performance in men, including “African Superman,” “Hard Ten Days,” “Herb Viagra,” “libigrow,” “S.W.A.G” and “Triple PowerZEN,” according to the criminal information.

These products contained an undeclared drug ingredient, sildenafil, which is the active ingredient in FDA-approved prescription drugs used to treat erectile dysfunction. The labels of the products Elgayar sold failed to include the name and quantity of the drug ingredient, according to the information.


Undeclared drugs such as sildenafil may have serious potential side effects or may be harmful to consumers with certain pathological conditions. Additionally, undeclared drugs may interact dangerously with other prescription or non-prescription drugs the unwitting consumer might be taking. The labels for the products the defendant provided failed to adequately warn consumers of these contingencies, according to the information.


Elgayar received misbranded drugs and delivered or proffered delivery of those misbranded drugs between January and October 2016, according to the information.


“Disguising prescription drugs as harmless over-the-counter products can lead to serious consequences for unsuspecting buyers with dangerous underlying health conditions. It could also lead to dangerous interactions when combined with other drugs they may be taking,” said Special Agent in Charge Mark S. McCormack, FDA Office of Criminal Investigations, Metro Washington Field Office. “Our office will continue to pursue and bring to justice those who would endanger the public’s health in order to make a quick profit.”


If convicted, the court will determine defendant’s sentence after review of factors unique to this case, including the defendant’s prior criminal record, if any, the defendant’s role in the offense, and the characteristics of the violations. In all cases, the sentence will not exceed the statutory maximum and, in most cases, it will be less than the maximum.


The matter is being prosecuted by Assistant U.S. Attorneys Megan R. Miller and Michael L. Collyer following an investigation by the Food and Drug Administration.


An information is only a charge and is not evidence of guilt. A defendant is entitled to a fair trial in which it will be the government’s burden to prove guilt beyond a reasonable doubt.



USAO – Ohio, Northern



Mike Tobin 216.622.3651 michael.tobin@usdoj.gov
