Sandy Montano
Deer Park Dental, PLLC
P.O. Box 18184
Spokane, WA 99228
Phone | Fax
Email
Plaintiff in pro per
IN THE UNITED STATES DISTRICT COURT
FOR THE EASTERN DISTRICT OF WASHINGTON
SANDY MONTANO,
Plaintiff,
vs.
HEATHER DAWN VINCENT; BROOKLYN
KENNEDY; AND MALENA PALMER,
Defendant
Case No.: Number
PLAINTIFF’S ORIGINAL COMPLAINT
NOW COMES Sandy Montano, Plaintiff, and files this Complaint against Defendants Heather
Dawn Vincent, Brooklyn Kennedy and (Dental Assistant), and for cause, would show this
Honorable Court as follows:
A. PARTIES
1. Plaintiff Sandy Montano is a male adult of sound mind and a law-abiding citizen whose
address is Deer Park Dental, P.O. Box 18184, Spokane, WA 99228.
2. Defendant Heather Dawn Vincent (hereinafter referred to as “Heather”) is a female adult
of sound mind whose address is P.O. Box 197, Wallace, ID 83873.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
PLAINTIFF’S ORIGINAL COMPLAINT – 2
3. Defendant Brooklyn Kennedy (hereinafter referred to as “Brooklyn”) is a female adult of
sound mind whose address is P.O. Box 116, Valley, WA 99181.
4. Defendant Malena Palmer is a female adult of sound mind whose address is 38910 N. Short
Rd., Deer Park, WA 99006.
B. JURISDICTION AND VENUE
5. This Court has subject matter jurisdiction under 28 U.S. Code § 1332 (diversity of
citizenship). Plaintiff resides in the State of Washington and Defendant Heather Dawn
Vincent resides in the State of Idaho.
6. Venue is proper in this Court in accordance with 28 U.S. Code §1391(b) which states that:
“A civil action may be brought in – (2) a judicial district in which a substantial part of the
events or omissions giving rise to the claim occurred.” The causes of action in this
Complaint took place within the Eastern District of Washington.
C. STATEMENT OF FACTS
7. Sandy is the proprietor of Deer Park Dental, PLLC. He is licensed to practice dentistry in
the State of Washington. At all times in this Complaint, Defendants were all employees of
Sandy.
8. Sandy was in a relationship with Heather. At the same time, Heather worked at Sandy’s
practice as the Manager of Deer Park Dental, PLLC.
9. During her time at Deer Park Dental, PLLC, Heather used funds belonging to the company
for her own personal use without written authorization. She did not reimburse the funds.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
PLAINTIFF’S ORIGINAL COMPLAINT – 3
10. Heather repeatedly defrauded the company by failing to record payments made by clients
in the software system. That caused Deer Park Dental, PLLC huge financial losses.
11. The romantic relationship between Sandy and Heather ended in October 2021. That also
meant that Heather would stop working at Deer Park Dental, PLLC. Sandy requested
Heather to return all of her access to the following business emails:
social.deerparkdental@gmail.com and dpdmanager@gmail.com as well as passwords that
were assigned to Heather by Sandy.
12. The following day after Heather left her employment at Deer Park Dental, she intentionally
changed the passwords, and she became the only person with access to the emails. In those
emails were confidential records of patients of Deer Park Dental. Heather also changed the
Facebook and Instagram passwords of Deer Park Dental.
13. Sandy made multiple respectful requests to Heather to return all the passwords but she
declined to do so. Sandy had to make a report at the cybercrime’s unit. Sandy chose to let
the Facebook account remain locked.
14. Heather’s repeated refusal to surrender the passwords led to the shutdown and resets of
Deer Park Dental including Washington Healthcare Authority and all dental insurances
passwords and access, causing full closure and paralysis of Sandy’s dental practice.
15. Heather submitted false reports to government officials including, but not limited to, Apple
Health, Washington Healthcare Authority, Department of Licensing, Department of
Revenue, Department of Health, and the Spokane Police Department. She also submitted
false information to acquire Washington health insurance by using Sandy’s address when
she resides in Idaho.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
PLAINTIFF’S ORIGINAL COMPLAINT – 4
16. As Sandy’s employee, Heather had a duty of confidentiality. Under HIPAA, she was not
required to share confidential information.
17. On November 16, 2021, Brooklyn intentionally took forms and documents belonging to
Deer Park Dental. She also took a routing slip containing specific patient information
outside the premises of Deer Park Dental.
18. On November 16, 2021, Brooklyn trespassed by entering the premises of Deer Park Dental
and barged in Sandy’s office. Earlier, she had intentionally called 911 and falsely accused
Sandy to the local authorities.
19. When Brooklyn barged in, she made false statements against Sandy to Officer Garza of the
Spokane Sheriff’s Department that eventually hurt his practice.
20. On September 29, 2021, Sandy informed Malena that she had violated infection control
WAC 246-817-600 when she left bloody disposable suction on the dental unit. She then
took a photo of the disposable suction. Sandy explained the proper procedures to Malena.
21. On October 23, 2021, Sandy again held a safety meeting regarding Malena’s
insubordination in not following job position protocols, standard of care as well as several
instances of infection control mistakes. Malena also acted unprofessionally in front of
patients and staff. Sandy documented all these instances in Malena’s employee
performance evaluation.
22. When Sandy had food poisoning on November 2, 2021, Malena claimed that he had food
poisoning and even went ahead to “cancel” patients without any basis, authority or
permission.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
PLAINTIFF’S ORIGINAL COMPLAINT – 5
23. On November 13, 2021, Sandy discussed Malena’s unprofessionalism and insubordination
with her. He explained that if she did not change, her employment would be terminated.
On November 16, 2021, Malena quit her employment.
24. Plaintiff contracted the firm of Hiltz & Associates to conduct a forensic audit of the
accounts of Sandy’s office and determine the amount of money that had been embezzled.
After the investigation, it was reported that sums of $28,248 of cash receipts collected by
Sandy’s practice between May 2021 and October 2021 were not deposited into the
practice’s financial institution. Exhibit 1. The audit was conducted by Mr. William Hiltz,
an adviser and consultant on embezzlement, healthcare fraud, audits, technology, practice
transitions, dental practice mergers/acquisitions and operational matters. The foregoing
sums were misappropriated by Heather.
25. Through counsel, Sandy wrote demand letters cautioning Defendants against tarnishing his
name and reputation by filing baseless complaints that contained unfounded lies and
misrepresentations of facts. Exhibit 2.
26. On April 29, 2022, Sandy sent a complaint to Assistant U.S. Attorneys Daniel Fruchter and
Tyler Tornabene and Special Agent Ryan Butler regarding the following criminal activities
by Heather: violation of HIPAA contrary to 42 U.S.C. § 1320d-6(a), identity theft contrary
to 18 U.S.C. § 1028(a)(7), violation of Computer Fraud and Abuse Act, accessing to
defraud and obtain value contrary to 18 U.S.C. § 1030(a)(4) and wire fraud contrary to 18
U.S.C. § 1343. Exhibit 3.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
PLAINTIFF’S ORIGINAL COMPLAINT – 6
D. CAUSES OF ACTION
Theft by Conversion
27. Plaintiff hereby incorporates the facts in Paragraphs 7-17 as though set out in full herein.
28. “To prevail on a claim for conversion, a plaintiff must prove the following elements: (1)
that the defendant willfully interfered with a chattel; (2) that the defendant acted without
lawful justification; (3) that the plaintiff was entitled to possession of the chattel; and (4)
that the plaintiff was deprived of such possession.” Armijo v. Yakima HMA, LLC, et. al.,
868 F. Supp. 2d 1129 (2012).
29. Heather had access to the emails and passwords as long as she was an employee of Deer
Park Dental. Her access was revoked by Plaintiff when he asked her to return them after
she quit her employment at Deer Park Dental. Her actions of changing the passwords to
the emails and social media accounts amount to unlawful access.
30. There was no legal justification for Heather to retain access to the emails and passwords
after she had quit her employment. Her access was revoked by Plaintiff after she quit her
employment.
31. Plaintiff was entitled to access to the emails and passwords. Plaintiff granted Heather
access to the passwords and wished to have them back so that he could continue running
the affairs of Deer Park Dental.
32. Heather deprived Plaintiff of possession of the emails and passwords that contained
sensitive information crucial to the operation of Deer Park Dental. As a result of Heather’s
failure to surrender the emails and passwords back to Plaintiff, Plaintiff was unable to
continue running the operations of Deer Park Dental and he had to close down his dental
practice.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
PLAINTIFF’S ORIGINAL COMPLAINT – 7
33. Heather failed to deposit cash receipts collected worth $28,248 into Sandy’s practice
financial institution and instead used the money for her own personal use. Using profits
from Sandy’s practice for her own use amounts to unlawful access of funds from Sandy’s
practice. There is no legal justification whatsoever for Heather taking funds from Sandy’s
practice for her own personal use. Sandy was entitled to the sum of $28,248 that Heather
took because the money was profit from his practice. Heather deprived Sandy of $28,248.
As a result of theft by Heather, Sandy was unable to continue running his dental practice
due to insufficient funds to do so.
34. Heather is liable for theft by conversion.
35. Brooklyn took possession of the forms, documents and a routing slip containing
confidential information. She had no access because she had left her employment at Deer
Park Dental. There was no reason for Brooklyn to have access to the forms, documents,
and the routing slip. As the proprietor of Deer Park Dental, Plaintiff was entitled to the
forms, documents and routing slip so that he could continue to run Deer Park Dental after
Brooklyn quit her employment. Plaintiff was unable to continue running Deer Park Dental
without the documents, forms, and the routing slip.
36. Brooklyn is liable for theft by conversion.
Unjust Enrichment
37. Plaintiff hereby incorporates the facts and allegations in Paragraphs 7-26 as though set out
in full herein.
38. “The elements of an implied contract unjust enrichment claim are (1) the defendant
receives a benefit, (2) the benefit is received at the plaintiff’s expense, and (3) the
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
PLAINTIFF’S ORIGINAL COMPLAINT – 8
circumstances make it unjust of the defendant to retain the benefit without payment.”
Coordes v. Wells Fargo Bank, No. 2:19-CV-0052-TOR (Dist. Court, ED Washington
2019).
39. Heather received a benefit from Deer Park Dental when she channeled money meant for
the company’s operation towards her personal use and failed to enter payments made by
patients in the software system. The total sum she took from Sandy’s practice was $28,248.
40. Heather misappropriated the company’s funds, leading to the closure of Plaintiff’s practice
under Deer Park Dental as he was unable to continue running the operations of Deer Park
Dental without the funds that Heather had misappropriated.
41. It would be unjust to allow Heather to continue to keep the funds she embezzled from thee
company. Heather is liable for unjust enrichment.
Defamation
42. Plaintiff hereby incorporates the facts and allegations in Paragraphs 7-31 of this Complaint
as though set out in full herein.
43. “The elements a plaintiff must establish in a defamation case are falsity, an unprivileged
communication, fault and damages.” Mohr v. Grant, 153 Wash.2d 812, 822, 108 P.3d 768,
773 (2005). Defendants provided false information to the Dental Quality Assurance
Commission that Plaintiff failed to maintain proper infection control standards to include
using used gloves, instruments, x-ray barriers, and towels, and failing to maintain clean
water lines. Defendants also falsely stated that Plaintiff mixed topical gel with external use
only Lidocaine, mixed powered charcoal with toothpaste to make a prophy paste, and
violated HIPAA by sending records out of the country for billing.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
PLAINTIFF’S ORIGINAL COMPLAINT – 9
44. As a result of the defamation by Defendants, Plaintiff suffered by having to close down his
practice as he could not be able to run it anymore.
45. “Publication of a defamatory statement to someone other than the person defamed is
essential to liability.” Doe v. Gonzaga Univ. ̧ 143 Wash.2d 687, 701, 24 P.3d 390 (2001),
rev’d on other grounds, 536 U.S. 273, 122 S.Ct. 2268, 153 L.Ed.2d 309 (2002). Defendants
published defamatory statements against Plaintiff to the Dental Quality Assurance
Commission.
46. “Actual malice exists when a statement is made with knowledge of its falsity or with
reckless regard of its truth or falsity.” Gonzaga, 143 Wash.2d at 703, 24 P.3D 390.
Defendants knew that the information they provided to the Dental Quality Assurance
Commission was false but they still proceeded and disseminated it.
Intentional Interference with Prospective Business Relations
47. Plaintiff hereby incorporates the facts and allegations in Paragraphs 7-34 of this Complaint
as though set out in full herein.
48. “To carry its tortious interference claim, Plaintiff must show (1) the existence of a valid
contractual relationship or business expectancy; (2) that defendants had knowledge of that
relationship; (3) an intentional interference inducing or causing a breach or termination of
the relationship or expectancy; (4) that defendants interfered for an improper purpose or
used improper means; and (5) resultant damages.” Fidelitad, Inc. v. Insitu, Inc., No. 13-
CV-3128-TOR (2014).
49. Plaintiff had a dental practice under Deer Park Dental. The practice was doing well and
had several employees, among them Defendants. Plaintiff had clients throughout. It is a
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
PLAINTIFF’S ORIGINAL COMPLAINT – 10
reasonable expectation that his practice would have gone to attract more clients. Being
employees of Deer Park Dental, Plaintiff’s practice, Defendants were aware of the
prospective business that Deer Park Dental.
50. Defendants’ actions interfered with Plaintiff’s prospective business. Heather’s refusal to
surrender the emails and passwords back to Plaintiff after she left her employment
hampered Plaintiff’s ability to continue running Deer Park Dental, and Plaintiff had to close
his practice. Plaintiff could no longer get prospective business as a result of Heather’s
refusal to return the emails and passwords that contained information which is sensitive
and confidential.
51. Brooklyn’s unlawful taking of forms, documents and routing slip from Plaintiff’s office
hampered Plaintiff’s ability to continue running Deer Park Dental. As a result, he had to
close his practice. Plaintiff’s potential business was hampered by Brooklyn’s actions.
52. Malena’s actions of purposely leaving bloody disposable suction on the dental unit and
taking a photo of it were meant to portray negligence in Sandy’s practice. She knew that if
she succeeded in portraying Sandy as negligent, his practice would be closed. Malena also
knew that no patient would accepted to be treated by Sandy if she lied that Sandy had
Covid-19 instead of food poisoning.
53. Defendants did not have any justifiable reason to do maintain unlawful possession of
Plaintiff’s emails, passwords, forms, and routing slip collectively. Defendants are liable for
intentional interference with prospective business relations.
Trespass
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
PLAINTIFF’S ORIGINAL COMPLAINT – 11
54. Plaintiff hereby incorporates the facts and allegations set out in Paragraphs 4-40 of this
Complaint as though set out in full herein.
55. Under RCW 9A.52.080, a person is guilty of criminal trespass in the second degree if he
or she knowingly enters or remains unlawfully in or upon premises of another under
circumstances not constituting criminal trespass in the first degree. RCW 9A.20.021 further
states that as a misdemeanor, a conviction may carry a penalty of up to 90 days in jail
and/or up to a $1,000 fine.
56. Brooklyn intentionally and unlawfully entered the premises of Plaintiff’s practice. She was
unlawfully there because she had quit her employment at Deer Park Dental. She continued
to remain in the premises and even took some forms, documents and the routing slip.
57. Brooklyn is liable for trespass.
E. PRAYER FOR RELIEF
REASONS WHEREFORE, Plaintiff respectfully requests this Honorable Court to grant him the
following reliefs:
a. Grant judgment in favor of Plaintiff;
b. Issue an order of specific performance compelling Heather Dawn Vincent to return the
misappropriated funds in the sum of $28,248;
c. Issue an order of specific performance compelling Heather Dawn Vincent to surrender
access to the following emails: social.deerparkdental@gmail.com and
dpdmanager@gmail.com as well as passwords to Facebook and Instagram accounts that
were assigned to her by Sandy Montano;
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
PLAINTIFF’S ORIGINAL COMPLAINT – 12
d. Issue an order of specific performance compelling Brooklyn Kennedy to return to Plaintiff
forms, documents, and the routing form she had taken from Sandy Montano’s office;
e. Award Plaintiff damages for conversion, unjust enrichment, defamation, intentional
interference with prospective business relations, and trespass;
f. Award Plaintiff punitive damages;
g. Award Plaintiff pre and post judgment interests, costs of this suit, and attorney fees as
allowed by law;
h. Award Plaintiff such equitable relief as may be appropriate under the circumstances; and
i. Award such further relief as this Honorable Court deems necessary and proper.
Dated this ___ day of _______________, 2022.
Respectfully Submitted,
___________________________________
Sandy Montano,
Plaintiff in pro per
EXHIBIT 1
ALL RIGHTS RESERVED.
No part of this report may be reproduced by any means without prior written consent of Hiltz & Associates.
Prepared for:
DR SANDY FLETCHER MONTANO DDS PLLC
June 14, 2022
Tel: (201) 503-3742
Fax: 855-440-8624
Email: hello@hiltzandassociates.com
Insight • Diligence • Assurance Web: www.hiltzandassociates.com
June 14, 2022
Dr. Sandy, Montano
DR SANDY FLETCHER MONTANO DDS PLLC
118 E Crawford St # 8
Deer Park WA 99228-0184
SUBJECT: REPORT OF FINDINGS
SENT BY EMAIL: sandymontanodds@gmail.com
Dear Dr. Montano,
Attached is a report of findings from my fraud examination of your business records and data obtained
your Open Dental practice management software.
My findings are based on the procedures completed as described herein, and are subject to the scope,
limitations, and restrictions as set forth in the Examination Restrictions and Limitations section of the
report.
My report is suitable for submission to your employee dishonesty insurer in support of your loss claim.
IMPORTANT: information in this report and report annexes may be protected by HIPAA privacy laws.
If you are making a claim for employee dishonesty, I recommend that you redact my report to remove
any protected by HIPAA privacy legislation; or obtain a Business Associate Agreement from your
employee dishonesty insurance company to ensure compliance.
www.hiltzandassociates.com
This report and its accompanying Annexes are strictly confidential Page 2 of 16
All Private Healthcare Information contained herein is protected by HIPAA Privacy Laws
It has been a pleasure working with you.
Should you have any questions or concerns now or in future, please do not hesitate to contact me at
201-503-3742.
Sincerely,
William Hiltz BSc MBA CET
CEO, Hiltz and Associates
Creator of Dental FraudBusters
Dental FraudBusters Dentistry’s most popular practice protection resource.
Visit: www.dentalfraudbusters.com
www.hiltzandassociates.com
This report and its accompanying Annexes are strictly confidential Page 3 of 16
All Private Healthcare Information contained herein is protected by HIPAA Privacy Laws
Table of Contents
Background ……………………………………………………………………………………………………………………………4
SUMMARY……………………………………………………………………………………………………………………………..4
FRAUD EXAMINATION PROCEDURES …………………………………………………………………………………….4
AREAS NOT EXAMINED……………………………………………………………………………………………………….4
EXAMINATION RESTRICTIONS & LIMITATIONS. ……………………………………………………………………….5
SOURCES OF INFORMATION ………………………………………………………………………………………………..6
EMPLOYEE ALLEGED RESPONSIBLE FOR LOSSES ………………………………………………………………………6
FRAUD EXAMINATION FINDINGS ……………………………………………………………………………………………….7
BILLING AND PAYMENTS……………………………………………………………………………………………………..7
EXAMINATION – OPEN DENTAL SOFTWARE…………………………………………………………………………..8
EXAMINATION – QUICKPAY ………………………………………………………………………………………………..9
CONSOLIDATED PRODUCTIONS AND COLLECTIONS ……………………………………………………………….9
RECORDED COLLECTIONS AND BANK DEPOSITS …………………………………………………………………….10
SEGMENTATION OF COLLECTIONS AND DEPOSITS ………………………………………………………………. 10
OBSERVATIONS AND REMARKS ………………………………………………………………………………………………. 11
EXAMINER REMARKS…………………………………………………………………………………………………………….. 13
ANNEX A – William Hiltz………………………………………………………………………………………………………… 14
SUMMARY OF EDUCATION ………………………………………………………………………………………………..14
SUMMARY OF EXPERIENCE………………………………………………………………………………………………..14
ANNEX B – Pre-Investigation Questionnaire.pdf ………………………………………………………………………… 15
ANNEX C1 – VINCENT SSN AND DL.pdf ……………………………………………………………………………………… 15
ANNEX C2 – VINCENT Employment Record.pdf ………………………………………………………………………….. 15
ANNEX D – External Report Final_Copy.pdf ………………………………………………………………………………. 15
ANNEX E – Washington Trust Account 1001039450.pdf ………………………………………………………………. 15
ANNEX F – Numerica Credit Union Account 957715.pdf ……………………………………………………………… 15
ANNEX G – Open Dental Annual Production and Income 2021.pdf ………………………………………………… 15
ANNEX H – Montano Worksheets.xlsx ……………………………………………………………………………………… 15
ANNEX I – Montano Statutory Declaration.pdf …………………………………………………………………………… 15
ANNEX J – OD securitylog.xlsx …………………………………………………………………………………………………. 15
Annex K – Numerica Deposit Tickets 2021.pdf……………………………………………………………………………. 15
www.hiltzandassociates.com
This report and its accompanying Annexes are strictly confidential Page 4 of 16
All Private Healthcare Information contained herein is protected by HIPAA Privacy Laws
Background
DR SANDY FLETCHER MONTANO DDS PLLC (the “Practice”) engaged Hiltz & Associates on February 24,
2022 to conduct a fraud examination to determine if financial misconduct was occurring in the Practice.
I was the person responsible for this work and proceeded to collect the business and clinical records
required to support my examination.
This work involved an examination of the Open Dental billing and payment software, bank records,
merchant service statements and other information as outlined in the “Sources of Information” section
of this report.
SUMMARY
My opinion, subject to the conditions noted herein is that as much as $28,248 of cash receipts collected
by the Practice during the period of May 2021 to Oct 2021 were not deposited to the Practice’s financial
institution.
FRAUD EXAMINATION PROCEDURES
My examination consisted of the following:
1. Comparing and looking for discrepancies between the information obtained from external third
parties and data obtained from the Open Dental practice management software.
2. Examining transactions recorded in the Open Dental practice management software to look for
records that were created, modified, deleted, or altered to conceal fraud or embezzlement.
3. Other examination procedures as noted herein.
AREAS NOT EXAMINED
In accordance with the terms of our engagement, I did not examine the following items.
• Payroll Fraud:
o I did not examine payroll records to determine if employees were intentionally overpaid
or whether any ghost employees were created and received payroll disbursements.
• Bonus Plan Abuse
o I did not test any bonus plan in place for manipulation by employees.
www.hiltzandassociates.com
This report and its accompanying Annexes are strictly confidential Page 5 of 16
All Private Healthcare Information contained herein is protected by HIPAA Privacy Laws
• Accounts Payable:
o I did not examine accounts payable records and check disbursements, other than
relating to patient refunds, for evidence of tampering.
• Accounts Receivable
o I did not examine the Accounts Receivable for materiality.
• Purchase Abuse:
o I did not examine purchases recorded on the account of DR SANDY FLETCHER
MONTANO DDS PLLC for abuse. These include, but not limited to purchases using a
company credit card, PayPal, Amazon or other business accounts.
• Dental Insurance
o I did not examine for dental insurance overbilling (submitting dental claims for services
not rendered) or examine for theft of insurance checks (misappropriation of insurance
checks mailed to the Practice)
EXAMINATION RESTRICTIONS & LIMITATIONS.
My examination was subject to the general restrictions and limitations listed below. Specific limitations
and restrictions, if any, will be mentioned accordingly in sections of this report.
1. I confined my examination to the 12-month period of January 2021 to December 2021. (the
“Period”).
2. While I may have looked at records outside the Period, I did so on an exploratory basis and as
such, cannot form any conclusions whether financial misconduct took place outside the dates
examined.
3. I did not examine every individual transaction during the Period and my examination focused on
transactions that based on my knowledge and experience, appeared consistent with financial
misconduct, fraud, or embezzlement.
4. My examination was not intended to detect minor or immaterial losses 0F0F
1
.
5. I did not examine for any violations of laws or government regulations.
6. I reserve the right, but remain under no obligation, to review this report, and if considered
necessary, to revise my report; subject to considering any information that becomes known
after the date of this report.
1
Immaterial losses include such things as pilfering postage stamps, stealing office supplies, or removing occasional funds from
petty cash or other unrecorded sources.
www.hiltzandassociates.com
This report and its accompanying Annexes are strictly confidential Page 6 of 16
All Private Healthcare Information contained herein is protected by HIPAA Privacy Laws
SOURCES OF INFORMATION
The following documents were examined
1. A Pre-examination Questionnaire completed by Dr. Sandy Fletcher Montano; included as:
ANNEX B – Pre-Investigation Questionnaire.pdf
2. A copy of a third-party report of embezzlement losses. included as: ANNEX D – External Report
Final_Copy.pdf
3. Washington Trust Bank monthly bank statements for DR SANDY FLETCHER MONTANO DDS PLLC
from January 2021 to December 2021, included as: ANNEX E – Washington Trust Account
1001039450.pdf
4. An Excel CSV file from QuickPay Merchant Services for DR SANDY FLETCHER MONTANO DDS
PLLC from January 2021 to December 2021, included as:
5. Numerica Credit Union banking records January 2021 to December 2021, included as: ANNEX F –
Numerica Credit Union Account 957715.pdf.
6. Payment records obtained from the Open Dental practice management system for January 2021
to December 2021.
7. A list of the names of all family members and close friends of the employee alleged responsible
for the dishonest and fraudulent acts.
EMPLOYEE ALLEGED RESPONSIBLE FOR LOSSES
The allegations expressed within the content below are attributed solely to Dr. Montano.
The employee that Dr. Montano alleges responsible for the losses incurred by DR SANDY FLETCHER
MONTANO DDS PLLC was Heather Dawn VINCENT
According to Dr. Montano, VINCENT was responsible for day-to-day operation of the dental practice and
made entries in the billing and payment software, collected and recorded payments, wrote off accounts
uncollectable, and made credit adjustments. (for a list of VINCENT’s duties, please refer to ANNEX B –
Pre-Investigation Questionnaire.pdf
Dr. Montano reported that VINCENT was hired on September 1, 2021 and that her last day of
employment was October 28, 2021.
VINCENT’s employment files were supplied by Dr. Montano, and included with this report as:
ANNEX C1 – VINCENT SSN AND DL.pdf
www.hiltzandassociates.com
This report and its accompanying Annexes are strictly confidential Page 7 of 16
All Private Healthcare Information contained herein is protected by HIPAA Privacy Laws
ANNEX C2 – VINCENT Employment Record.pdf
According to Dr. Montano, VINCENT voluntarily quit her employment after Dr. Montano confronted her
regarding questionable finances. (see p. 14 ANNEX B – Pre-Investigation Questionnaire.pdf)
FRAUD EXAMINATION FINDINGS
BILLING AND PAYMENTS
Dr. Montano’s practice used two software applications for its billing and payment purposes during 2021:
• Open Dental
o a full feature dental practice management program used by dental offices for scheduling,
billing, payments, patient engagement, imaging, and charting.
• QuickPay
o a merchant service application offered by Priority Payment Systems (https://www.pps.io/)
and used to process credit card payments and allow entry cash and checks payments.
During the Period, Open Dental was used for billing and payment purposes while QuickPay was used for
payments only.
This observation was remarkable since Open Dental should have been used to record all charges and
payments associated with each patient’s account.
When asked, Dr. Montano informed me that his office used QuickPay to record payments at the
direction of his employees and that he was uninvolved with the administration side of the Practice.
www.hiltzandassociates.com
This report and its accompanying Annexes are strictly confidential Page 8 of 16
All Private Healthcare Information contained herein is protected by HIPAA Privacy Laws
EXAMINATION – OPEN DENTAL SOFTWARE
Figure 1: Production and Income Report for 2021 from Open Dental
Figure 1 shows Practice Annual Total Production of $294,450. By comparison, the national average
production for a solo dental practice in 2020 was reported as $659,710)
2
Figure 1 shows Practice Annual Total Income (“collections”) of $30,535.
2 Source: American Dental Association, Health Policy Institute, 2021 Survey of Dental Practices reports: https://www.ada.org/-
/media/project/ada-organization/ada/ada-org/files/resources/research/hpi/hpidata_sdpi_2020.xlsx
www.hiltzandassociates.com
This report and its accompanying Annexes are strictly confidential Page 9 of 16
All Private Healthcare Information contained herein is protected by HIPAA Privacy Laws
EXAMINATION – QUICKPAY
Figure 2: Collection Report from QuickPay. (see “QuickPay Pivot” worksheet in ANNEX H – Montano Worksheets.xlsx)
QuickPay shows total collections of $92,448 for 2021 and of that, cash receipts accounted for
$39,048.12.
CONSOLIDATED PRODUCTIONS AND COLLECTIONS
Consolidated Production and Collections 2021
Consolidated collections in 2021 were $122,983
The BLUE highlighted text is the balance as of December 2021, representing all outstanding, non-
recorded and unadjusted payments.
Cash Check Discover MasterCard Visa Grand Total
Jan $ 1,038.00 $ 1,038.00
Feb $ 320.00 $ 320.00
Mar $ 200.00 $ 200.00
Apr $ 296.80 $ 4,466.44 $ 4,763.24
May $ 6,853.00 $ 990.72 $ 390.15 $ 4,559.79 $ 12,793.66
Jun $ 1,685.00 $ 2,654.00 $ 2,512.45 $ 789.50 $ 4,247.80 $ 11,888.75
Jul $ 4,994.00 $ 500.00 $ 1,079.00 $ 2,807.89 $ 9,380.89
Aug $ 9,102.00 $ 302.40 $ 1,104.64 $ 3,959.83 $ 14,468.87
Sep $ 8,662.50 $ 779.50 $ 1,667.20 $ 11,818.76 $ 22,927.96
Oct $ 7,751.62 $ 53.00 $ 2,650.00 $ 4,212.40 $ 14,667.02
Grand Total $ 39,048.12 $ 5,226.62 $ 2,862.25 $ 7,880.49 $ 37,430.91 $ 92,448.39
Open Dental Production: $ 294,450
Open Dental Income $ 30,535
QuickPay Collections $ 92,448
Total Collections $ 122,983 $ 122,983
Uncollected / Unadjusted $ 171,467
Production / Collections Ratio 42%
www.hiltzandassociates.com
This report and its accompanying Annexes are strictly confidential Page 10 of 16
All Private Healthcare Information contained herein is protected by HIPAA Privacy Laws
RECORDED COLLECTIONS AND BANK DEPOSITS
A summary comparison of the collection totals for 2021 recorded in Open Dental and QuickPay against
the deposit totals recorded by Washington Trust and Numeric Credit Union showed a difference of
$(11,521).
Total Collections $122,983
Total Deposits $134,504
Difference $(11,521)
Accordingly, deposits were greater than collections by $11,521
SEGMENTATION OF COLLECTIONS AND DEPOSITS
The table below shows segmented collections for Open Dental and Quickpay.
Figure 3: Open Dental and QuickPay Collections (segmented)
Notable: Quickpay was used to record $39,048 in cash collections from May to October 2021
The table below shows segmented deposits using information obtained directly from each financial
institution.
Month Cash Check
Credit
Card
Insurance
Check Cash Check
Credit
Card
Jan-21 $ 284 $ 200 $ 3,218 $ 1,038 $ 4,740
Feb-21 $ 320 $ 320
Mar-21 $ 200 $ 200
Apr-21 $ 4,763 $ 4,763
May-21 $ 250 $ 50 $ 6,853 $ 991 $ 4,950 $ 13,094
Jun-21 $ 360 $ 820 $ 1,685 $ 2,654 $ 7,550 $ 13,069
Jul-21 $ 4,994 $ 500 $ 3,887 $ 9,381
Aug-21 $ 9,102 $ 302 $ 5,064 $ 14,469
Sep-21 $ 8,663 $ 780 $13,486 $ 22,928
Oct-21 $ 521 $ 7,752 $ 6,915 $ 15,188
Nov-21 $ 504 $ 325 $ 1,253 $ 8,806 $ 10,887
Dec-21 $ 13,944 $ 13,944
$1,038 $935 $1,253 $ 27,309 $39,048 $5,227 $48,174 $ 122,983
OPEN DENTAL COLLECTIONS QUICKPAY COLLECTIONS
TOTAL
www.hiltzandassociates.com
This report and its accompanying Annexes are strictly confidential Page 11 of 16
All Private Healthcare Information contained herein is protected by HIPAA Privacy Laws
Figure 4: Numerica and WA Trust Bank Deposit Records (segmented)
Notable: Numerica over the counter deposits from May-Oct 2021 were $26,316 compared to $30,503
for Nov-Dec- 2021. (i.e.: over half of all OTC deposits were made after October 2021)
OTC deposits tickets obtained from Numerica bank for show total cash deposits of $11,800 in 2021. (see
Numerica OTC Deposits in ANNEX H – Montano Worksheets.xlsx
Total Check Deposits $ 44,233.54
Total Cash Deposits $ 11,800.00
OBSERVATIONS AND REMARKS
Observations
The billing and payment systems were not used in accordance with established practice.
Dr. Montano asserts that he was an absent business owner and that he trusted his employees to handle
the administration of the practice.
Dr. Montano informed me that from May 2021 to October 2021, all the production and collection
entries were posted by an employee.
Month OTC Merchant
ACH
Insurance OTC
ACH
CREDIT
Jan-21 $ 4,388 $ 1,019 $ 5,407
Feb-21 $ 200 $ 310 $ 510
Mar-21 $ 1,000 $ 2,323 $ 3,323
Apr-21 $ – $ 4,140 $ 4,140
May-21 $ 1,570 $ 3,726 $ – $ 1,875 $ 7,171
Jun-21 $ 6,463 $ 7,550 $ – $ 1,984 $ 15,997
Jul-21 $ 831 $ 4,706 $ – $ – $ 5,537
Aug-21 $ 7,402 $ 5,368 $ – $ – $ 12,770
Sep-21 $ 4,480 $ 10,950 $ – $ 808 $ 16,237
Oct-21 $ 5,570 $ 6,113 $ 4,149 $ – $ 4,834 $ 20,667
Nov-21 $ 17,681 $ 4,183 $ 5,434 $ – $ – $ 27,298
Dec-21 $ 12,822 $ 1,100 $ 1,525 $ – $ – $ 15,447
$ 56,820 $ 43,696 $ 11,108 $ 5,588 $17,293 $134,504
TOTAL
Numerica Washington Trust
www.hiltzandassociates.com
This report and its accompanying Annexes are strictly confidential Page 12 of 16
All Private Healthcare Information contained herein is protected by HIPAA Privacy Laws
I observed that during May 2021 to October 2021, a total of $39,048 in cash receipts were recorded in
QuickPay while only $10,800 were deposited to Numerica.
My assumption is the most or all the $39,048 in recorded cash payments recorded represent bona fide
cash payments received from patients of the practice.
My reasons for this assumption are:
1. The cash receipts that were posted in QuickPay were recorded with Patient Name.
a. out of pocket dental expenditures are generally tax deductible and people want a
receipt.
2. The average cash receipt in the Practice was $590.
a. This amount is high enough to make it unlikely a receipt would have been overlooked or
disregarded by patients.
3. The time-interval between recorded cash payments appears consistent with the end-time of
patient appointments.
a. patients tend to make cash payments at the end of their appointment before leaving
the office. (See QuickPay Pivot in ANNEX H – Montano Worksheets.xlsx)
If my assumptions are correct, then the Practice collected $39,048 in cash receipts from May to Oct
2021.
I have confirmed that from May to Oct 2021 a total of $10,800 of cash was deposited to Numerica Bank.
Accordingly, the difference of $28, 248 represents cash receipts that were collected and not deposited.
These assumptions are subject to my remarks below:
REMARKS
For economy of investigation and on-site conditions, I did not conduct a “payment test” of the
recorded cash receipts and therefore my assumptions have not been tried.
To be clear, I did not contact any of the 45 accounts that show a recorded cash receipt in 2021 to
confirm the method of payment used.
I have provided a copy of my standard declaration (“payment test”) form with this report in the event
Dr. Montano requires it at some point. (see: ANNEX I – Montano Statutory Declaration.pdf)
www.hiltzandassociates.com
This report and its accompanying Annexes are strictly confidential Page 13 of 16
All Private Healthcare Information contained herein is protected by HIPAA Privacy Laws
A detailed listing of the 66 recorded cash receipts and patient names are included as “QP Cash
Payments” in ANNEX H – Montano Worksheets.xlsx
EXAMINER REMARKS
Based on my correspondence with Dr. Montano and examination of the Practice’s billing, payment, and
deposit records, I feel it is likely and reasonable to conclude that from May to Oct 2021. the Practice
collected $28,248 in cash receipts that were not deposited.
Due to on site conditions and for economy of investigation, I did not conduct a materiality test of the 66
cash receipts totaling $39,048 that were recorded from May to Oct 2021 to verify method of payment.
www.hiltzandassociates.com
This report and its accompanying Annexes are strictly confidential Page 14 of 16
All Private Healthcare Information contained herein is protected by HIPAA Privacy Laws
ANNEX A – William Hiltz
SUMMARY OF EDUCATION
Marine Institute (St. John’s, NL)
Diploma Industrial Instrumentation. ‘80
Dalhousie University (Halifax, NS)
BSc (Biology) ’98
BSc (Biology AdvMaj) ’99
MBA ‘01
SUMMARY OF EXPERIENCE
Since 2004, has personally conducted hundreds of
fraud and embezzlement investigations for dentists
and practice owners.
Pioneer and widely acknowledged expert in
embezzlement detection, investigation and
remediation. Published author and speaker about
embezzlement in healthcare.
Extensive experience as a trusted adviser and
consultant on issues related to embezzlement,
healthcare fraud, audits, technology, practice
transitions, dental practice mergers/acquisitions
and operational matters.
Founder / CEO
Co-Founder
Chief Operating Officer
Chief Fraud Examiner
Chief Privacy Officer
Dept of National Defense
Practice Management Consulting
Websites: https://www.hiltzandassociates.com
CLIENT CONFIDENTIAL © 2020 Hiltz & Associates
This report and its accompanying Annexes are strictly confidential Page 15 of 16
All Private Healthcare Information contained herein is protected by HIPAA Privacy Laws
The ANNEXES shown below are included as separate file attachments with this report.
ANNEX B – Pre-Investigation Questionnaire.pdf
ANNEX C1 – VINCENT SSN AND DL.pdf
ANNEX C2 – VINCENT Employment Record.pdf
ANNEX D – External Report Final_Copy.pdf
ANNEX E – Washington Trust Account 1001039450.pdf
ANNEX F – Numerica Credit Union Account 957715.pdf
ANNEX G – Open Dental Annual Production and Income 2021.pdf
ANNEX H – Montano Worksheets.xlsx
ANNEX I – Montano Statutory Declaration.pdf
ANNEX J – OD securitylog.xlsx
Annex K – Numerica Deposit Tickets 2021.pdf
EXHIBIT 2
EXHIBIT 3
1
MEMORANDUM
To: AUSA Daniel Fruchter: AUSA Tyler Tornabene; Special Agent Ryan Butler
From: Dr. Sandy Montano, D.D.S.
Date: April 29, 2022
Re: Criminal Activity by Heather Dawn Vincent
A. List of Criminal Laws Violated
1. Violation of HIPAA: 42 U.S.C. § 1320d-6(a)
2. Identity Theft: 18 U.S.C. § 1028(a)(7)
3. Violation of Computer Fraud and Abuse Act, Accessing to Defraud and
Obtain Value, 18 U.S.C. § 1030(a)(4)
4. Wire Fraud, 18 U.S.C. § 1343
B. Factual Summary
1. Deer Park Dental and Ms. Heather Vincent
I owned and operated a dental practice called Deer Park Dental located at 118
E. Crawford Street in Deer Park, Washington. In October 2019, I became
romantically involved with Heather Vincent. In April 2021, Ms. Vincent lost her
job at Dave Smith motors because she was caught manipulating the prices of vehicles
and accepting kickbacks from clients to do so. While she was collecting
unemployment from Idaho, Ms. Vincent asked me for a job.
On September 1, 2021, I hired Vincent to be Deer Park Dental’s Office
manager, HR Director, and Social Media manager. She worked for my practice for
a total of about eight weeks until October 28, 2021.
Starting in mid-October I started to suspect that Ms. Vincent was not
completing her assigned job duties. When I asked her about her work (in particular
a financial report) she got defensive and told me that she “had enough and was done
2
with this job.” I agreed it wasn’t working out and I said I hoped we could leave on
good terms. A timeline of what happened next appears as Exhibit A.
2. Ms. Vincent Engages in Criminal Behavior
Ms. Vincent committed a number of crimes before abandoning her position.
First, Ms. Vincent stole Protected Health Information (“PHI”). In addition to
stealing regular patient files, Ms. Vincent accessed and copied our Medicaid files
and stole patient information that contained individually identifiable health
information about all of our Medicaid patients. After leaving Deer Park Dental, Ms.
Vincent got a job at a different dental practice called Grins & Giggles Family
Dentistry, and she used PHI she obtained from Deer Park Dental in order to solicit
my clients to this new practice. See Exhibit B.
Second, on October 28 (the day she left), Ms. Vincent went to my apartment
and stole $1750 that I keep around for emergencies. Ms. Vincent also (without
authorization) used Deer Park Dental’s financial information to apply for a credit
account through Comenity Capital Bank. This application was denied. See Exhibit
C.
Third, Ms. Vincent stole the credit card numbers from the business credit card.
In December, Ms. Vincent used the credit card to post a fake ad on Indeed which
advertised a job for my personal assistant. See Exhibit D. On January 26, she
attempted to use the stolen credit card information to make purchases on Amazon
and Google but these charges were not authorized.
Fourth, Ms. Vincent stole passwords that the business used for: (a) dental
insurance websites, (b) Facebook, (c) Amazon, (d) Google Business, (e) Instagram,
(f) the business email account associated with social.deerparkdental@gmail.com;
and (g) the business email account associated with dpdmanager@gmail.com .
Before she left, Ms. Vincent changed the phone numbers and passwords associated
with these accounts so that the business was unable to regain control of these
accounts.
3
Fifth, on December 4, 2021, Ms. Vincent used the stolen passwords to hack
all of Deer Park Dental’s accounts, including Facebook, Instagram and Gmail
business accounts. During this hacking event, Ms. Vincent again accessed PHI in
violation of HIPAA. Ms. Vincent also used the stolen passwords to access Facebook
to post defamatory remarks about me and Deer Park Dental. See Exhibit E. Ms.
Vincent again tried to access Deer Park Dental’s Facebook account on April 22,
2022. See Exhibit F.
Sixth, on January 26, 2022, Ms. Vincent attempted to login to Deer Park
Dental’s Amazon and Google Business accounts, but I was able to block her. Ms.
Vincent then posted a question on Google: “what is Dr. Sandys, last name??” See
Exhibit G.
Seventh, Ms. Vincent stole approximately $12,811.30 from the practice. At
this time I do not have details about how she embezzled this money, but my
accountant found approximately $12,811.30 went missing from the business
between September 1 and October 28, 2021. See Exhibit H.
Eighth, Ms. Vincent conspired with other employees of Deer Park Dental
(Brooklynn Kennedy and Malenna Palmer) to steal patient files and PHI. When Ms.
Vincent joined as HR Director, she hired a number of people and formed alliances
with them. Eventually, she groomed them to steal PHI. On November 16, 2021,
Brooklynn Kennedy and Malenna Palmer committed theft by taking medical files
containing patient PHI. They stole this PHI under the direction of Ms. Vincent. I
filed a police report about the incident on November 17, 2021 (police report #2021-
1017-0818).
Ninth, Ms. Vincent continued to use my patient’s PHI for her own purposes
after she left Deer Park Dental. For example, on December 28, 2021, I received a
call from SIGNA insurance about a patient named Eloisa who had reportedly
reached out to SIGNA about a claim. We did not know anything about it, so my
personal assistant called Eloisa and learned that Eloisa had not called SIGNA. In
4
January, I received notice that someone had filed a complaint with their insurance
company. Again my assistant called the patient who had allegedly lodged the
complaint, and the patient stated that they never filed such a complaint.
Tenth, Ms. Vincent submitted false information to acquire Washington health
insurance by using my address when she actually resided in Idaho.
Eleventh, on December 30, 2021, Ms. Vincent parked outside my apartment
and attempted to log onto my Wifi router to commit additional computer crimes.
Attached is a screenshot of her vehicle outside of my apartment. See Exhibit I.
These pictures show Vincent’s vehicle outside my apartment late at night while she
is on her laptop in the front seat.
Ms. Vincent’s misuse of funds, misuse of data and other acts ruined my dental
practice and caused me to close Deer Park Dental on November 17, 2021.
3. Ms. Vincent Retaliates Against Me For Reporting Her Criminal Activity
Upon learning of Ms. Vincent’s criminal actions, I took steps to prevent
further damage and hold her accountable. Immediately following Ms. Vincent’s
hack of my systems on December 4, 2021, I reported HIPAA violations, contacted
Medicaid to suspend services to avoid any further damage. The practice’s Medicaid
portal was shut down.
I also contacted law enforcement. I reached out to the Spokane Sheriff’s
Office and filed a police report on November 17 (police report #2021-1016-6067).
After Ms. Vincent attempted to access my practice’s Amazon and Google Business
accounts on December 28, 2021, I called Crimewatch and left another police report.
I also alerted local law enforcement of my accountant’s finding that she had stolen
money from Deer Park Dental.
In an effort to undermine my efforts and retaliate against me, Ms. Vincent
conspired with her former employees to disrupt my practice. After leaving the
practice with PHI, Brooklynn Kennedy and Malenna Palmer returned with the police
and made false allegations that I was illegally holding their personal belongings and
5
was physically aggressive. Later, on December 3, 2021, I was physically assaulted
by an employee named Charles who demanded that we call him “Proud Boy
Charlie.”
C. Criminal Profile of Ms. Vincent
Ms. Vincent had a difficult childhood. Her mother abused drugs and spent
time in prison in California and Nevada. Her father was not present in her life. She
has a bad temper and bully tendencies.
Ms. Vincent was a low-level drug trafficker. She purchased drugs in
Washington and travelled to Idaho to sell them to her co-workers.
Ms. Vincent has a history of using computers to commit crimes. Before Deer
Park Dental, Ms. Vincent was fired by Dave Smith motors for using computers to
manipulate the price of vehicles and pocket a commission/kickback.
Ms. Vincent had a personal trauma in 2018 when she had an abortion
procedure after a random fling in a bar. After this trauma, she seemed less able to
control the negative parts of her personality.
D. Analysis – Violations of Laws
1. HIPAA, 42 U.S.C. § 1320d-6(a)
The Health Insurance Portability and Accountability Act (“HIPAA”)
prescribes criminal sanctions for violations that involve the disclosure of “unique
health identifiers, or of “individually identifiable health information.” More
specifically, § 1320d-6(a) sets out criminal penalties for the following:
A person who knowingly and in violation of this part—
(1) uses or causes to be used a unique health identifier;
(2) obtains individually identifiable health information relating
to an individual; or
(3) discloses individually identifiable health information to
another person, shall be punished as provided in subsection (b)
of this section.
6
§ 1320d-6(a).
In this case, Ms. Vincent obtained “individually identifiable health
information” relating to individual patients of Deer Park Dental. She then used that
individually identifiable health information to contact my patients and try to get them
to leave Deer Park Dental. In one example, she used the stolen PHI to reach out to
a patient who I was treating and referred that patient to Grins & Giggle Family
Dentistry to finish my work. See Exhibit B.
Ms. Vincent violated HIPAA by stealing PHI on at least three separate
occasions. First, she stole PHI on the day that she left Deer Park Dental on October
28, 2021. She stole patient files and accessed our Medicaid portal with the intent to
steal PHI. Second, Ms. Vincent stole PHI during a coordinated hacking event on
December 4, 2022, when she illegally accessed the Deer Park Dental Facebook,
Instagram and Gmail Business accounts. Third, on November 16, 2021, Ms. Vincent
stole PHI in coordination with her former co-workers Brooklynn Kennedy and
Malenna Palmer.
As a medical professional who is committed to compliance, I implemented a
rigorous HIPAA compliance program. See Exhibit J. As the office manager, Ms.
Vincent was aware of HIPAA laws and was partially responsible for implementing
Deer Park Dental’s compliance program. As a result, knew that it was illegal to
obtain individually identifiable health information and use it for an illegal purpose.
In these ways, Ms. Vincent violated federal HIPAA laws.
2. Identity Theft
Title 18, Section 1028(a)(7) of the United States Code provides:
Whoever, in a circumstance described in subsection (c) of this
section— . . . (7) knowingly transfers, possesses, or uses,
without lawful authority, a means of identification of another
person with the intent to commit, or to aid or abet, or in
7
connection with, any unlawful activity that constitutes a
violation of Federal law, or that constitutes a felony under any
applicable State or local law . . . shall be punished as provided
in subsection (b) of this section.
In this case, Ms. Vincent clearly violated this section of Federal law when she
stole passwords that the business used for Facebook, Amazon, and Google Business
email accounts. She stole the passwords and changed the phone numbers associated
with these accounts to ensure that she would retain control of the accounts. She
attempted to make online purchases and even applied for a $1,000 line of credit using
the Deer Park Dental business name. In this way, she violated Federal laws against
identity theft.
4. Accessing to Defraud and Obtain Value, 18 U.S.C. § 1030(a)(4)
Title 18, United State Code, Section 1030(a)(4) provides:
Whoever— (4) knowingly and with intent to defraud, accesses a
protected computer without authorization, or exceeds authorized
access, and by means of such conduct furthers the intended fraud
and obtains anything of value, unless the object of the fraud and
the thing obtained consists only of the use of the computer and
the value of such use is not more than $5,000 in any 1-year period
. . . shall be punished as provided in subsection (c) of this section.
Here, Ms. Vincent accessed the Deer Park Dental computers in a manner than
exceeded her authorized access. She stole patient lists with Protected Health
Information and stole passwords. She exceeded her access and stole this information
with the intent to defraud. For these reasons, Ms. Vincent violated the federal law
related to accessing a computer.
5. Wire Fraud, 18 U.S.C. § 1343
Title 18, United States Code, Section 1343 provides:
8
Whoever, having devised or intending to devise any scheme or
artifice to defraud, or for obtaining money or property by means
of false or fraudulent pretenses, representations, or promises,
transmits, or causes to be transmitted by means of wire, radio,
or television communication in interstate or foreign commerce,
any writings, signs, signals, pictures, or sounds for the purpose
of executing such scheme or artifice, shall be fined under this
title or imprisoned not more than 20 years, or both.
Sections 1343 and 1030(a)(4) overlap to a substantial degree, and so the same
facts that support a violation of 1030(a)(4) discussed above apply to this analysis
under section 1343 of the Wire Fraud statute.
Courts have recognized a variety of means of communications, including
internet transmissions. Here, Ms. Vincent used stolen information from Deer Park
Dental to apply for a line of credit. See Exhibit C. She also sent false information to
my patients in an effort to lure them over to the new dental practice where she was
working. See Exhibit B.
Exhibits to Memorandum Submitted by Dr. Sandy Montano
April 29, 2022
EXHIBIT A
1
TIMELINE OF EVENTS
2021.09.01: Vincent hired at Deer Park Dental as Office manager, HR Director,
and Social Media manager.
2021.10.28: Vincent ends employment at Deer Park Dental
• Vincent leaves the office with patient’s protected health information.
She copies Medicaid files.
• Vincent goes to my apartment and steals $1750 that I keep around for
emergencies.
• Vincent uses Deer Park Dental’s financial information to apply for a
credit account through Comenity Capital Bank.
• Vincent steals the credit card numbers from the business credit card.
• Vincent steals passwords that the business used for: dental insurance
websites, Facebook, Amazon, Google Business, Instagram, the business
email account associated with social.deerparkdental@gmail.com and
dpdmanager@gmail.com .
2021.11.16: Vincent encourages former co-workers to steal PHI and quit the dental
practice. Brooklynn Kennedy and Malenna Palmer commit theft and violate
HIPAA by taking PHI of patients.
2021.12.03: I am assaulted by an employee in my office.
2021.12.04: Vincent uses the stolen passwords to hack all of Deer Park Dental’s
accounts, including Facebook, Instagram and Gmail business accounts. During
this coordinated hacking event, Vincent again accesses PHI in violation of HIPAA.
Vincent also uses the stolen passwords to access Facebook to post defamatory
remarks about me and Deer Park Dental.
2021.12.28: I receive a call from SIGNA insurance about a patient named Eloisa
who had reportedly reached out to SIGNA about a claim. We did not know
anything about it, so my personal assistant called Eloisa and learned that Eloisa
had not called SIGNA.
2021.12.30: Vincent parks outside of my apartment and sits in the car on her
computer illegally hacking my router. Vincent uses the business credit card to post
a fake ad on Indeed which advertised a job for my personal assistant.
2
2022.01.25: An official audit is performed by a forensic accountant who confirms
that approximately $13,229 went missing during September-October 2021 when
Vincent worked at the practice.
2022.01.26: Vincent attempts to login to Deer Park Dental’s Amazon and Google
Business accounts, but I was able to block her. Vincent posts a question on Google:
“what is Dr. Sandys, last name??”
2022.01.27: I call Crimewatch and leave a police report on Vincent’s illegal
access of Amazon and Google Business. I call the police.
2022.02.06: I reported HIPAA violations by Brooklyn Kennedy and Melenna
Palmer to HHS and my attorney sends Cease and Desist letter to Vincent and
others to stop harassment and continuing to breach the data of my business.
2022.04.22: Vincent again tries to hack into my practice’s Facebook account.
Exhibits to Memorandum Submitted by Dr. Sandy Montano
April 29, 2022
EXHIBIT B
Exhibits to Memorandum Submitted by Dr. Sandy Montano
April 29, 2022
EXHIBIT C
Exhibits to Memorandum Submitted by Dr. Sandy Montano
April 29, 2022
EXHIBIT D
Exhibits to Memorandum Submitted by Dr. Sandy Montano
April 29, 2022
EXHIBIT E
Umer Javed 1/7/2022
1 | Page
Contents
CURRICULUM VITAE ………………………………………………………………………………………………………………..2
Objective……………………………………………………………………………………………………………………………….2
Summary of Findings……………………………………………………………………………………………………………….2
Detail of Findings…………………………………………………………………………………………………………………….2
Attacker Malicious Intention………………………………………………………………………………………………….7
Conclusion…………………………………………………………………………………………………………………………… 10
Glossary ……………………………………………………………………………………………………………………………… 10
References………………………………………………………………………………………………………………………….. 10
Umer Javed 1/7/2022
2 | Page
CURRICULUM VITAE
My name is Umer Javed. I am a student of BS-Cyber Security and Digital Forensics at National University
of computing and emerging Sciences, FAST, and Islamabad Pakistan. I have studied various cyber
security courses along with labs: Network and cyber security, Digital Forensics, Information Security,
Cryptography, Computer Networks etc. Along with this, I have command on C++, Python, Bash-Scripting
and assembly language. I have done various security projects which includes Designing and
Implementation of Modern Honey pot, light weight TLS(Transport Layer Security), Modern ciphers like
AES, RSA, ECC implementation, Dos detection and Prevention. I am ranked among top 8% of Tryhackme
cyber security professionals.
Investigator contact: cyberexpert343@gmail.com
Objective
To get evidence against unauthorized user who accessed Mr.Sandro facebook account
Summary of Findings
Facebook has capability of logging user activities. Facebook logged unauthorized user IP
addresses (174.204.74.241 and 2601:8c1:8401:6820:7899:f2c7:ba0f:2c70).Facebook sent a security mail
to Gmail (Mr.Sandrosmontana@gmail.com) as Facebook account was linked with Gmail. Mail from
facebook contains information about timestamp, location and Digital device (iPhone XR).
Detail of Findings
Unauthorized User accessed Mr.Sandro Facebook Account On 4th Dec, 2021 approximately at 6 AM.
Mr.Sandro received security mail from facebook security when unauthorized user did unusual activities.
The Evidence is highlighted below.
Umer Javed 1/7/2022
3 | Page
Figure 1
Mr.Sandro account was locked by facebook for doing unusual activities by unauthorized user. The
Evidence is highlighted below.
Figure 2
Umer Javed 1/7/2022
4 | Page
Facebook and Gmail were two primary sources from where evidences against attacker could be
collected.
Evidence from Gmail
Mr.Sandro Facebook account was linked with his Gmail (Sandrosmontana@gmail.com). So he
gets security notifications on his Gmail. On 4th December, When his facebook account was
blocked; he received a mail from security@facebookmail.com about ongoing unusual activities
as highlighted below.
Figure 3
Security mail from facebook contains information about the user who logged-in. This user
information could help in investigation process.
Evidence from Facebook
Mr.Sandro facebook account was blocked by facebook on 4th Dec, 2021. So it was necessary to
login Mr.Sandro account for getting information about the unauthorized user .For this purpose, I
Recovered Mr.Sandro facebook account. I got just one login activity on 4th December 2021 as
Umer Javed 1/7/2022
5 | Page
highlighted below.
Figure 4
The strange thing for me was two different IP addresses: one logged while logging in and other
one while logging out.
I have taken information about these two IP’s (174.204.74.241 and
2601:8c1:8401:6820:7899:f2c7:ba0f:2c70) from iplocation.net. The reason why I used this website for IP
information is that it gets IP data from different servers. Almost every server data contains common
Country, Region and ISP as highlighted below.
Umer Javed 1/7/2022
6 | Page
Figure 5
Figure 6
Why there are two different IP addresses?
The reason could be Attacker has logged-in facebook via one network and changed network
during unauthorized facebook session due to which account logout IP was different.
I tried to login facebook account again for investigation purposes on 6th January, 2022 but I got that
there is no facebook account associated with email (Mr.Sandrosmontana@gmail.com) as highlighted
below.
Umer Javed 1/7/2022
7 | Page
Figure 7
I had facebook logged-in in my Linux Machine. I go to facebook to collect Further Evidences against
attacker. I got a notification prompt asking for authenticating identity using a Phone Number. Attacker
removed email associated with facebook account and added his number to a facebook account as
highlighted below.
Figure 8
Attacker Malicious Intention
How does attacker gained access to Mr.Sandro Facebook account and take over it?
What was attacker intention behind this?
Let’s consider attacker doesn’t have facebook account password. He might have successfully brute
forced password and gained access to account. Then, how does attacker changed reset mail
(Mr.Sandrosmontana@gmail.com) to their Phone number? Attacker would need OTP (one time
password) sent on Gmail (Sandrosmontana@gmail.com) to edit facebook account profile. As attacker
removed Mr.Sandro reset Gmail (Sandrosmontana@gmail.com) and added their phone Number
successfully; so attacker has access of Gmail (Sandrosmontana@gmail.com).
Attacker uploaded harmful posts on Mr.Sandro facebook account.
Umer Javed 1/7/2022
8 | Page
Figure 9
Attacker objective was to defame Mr.Sandro Reputation. Attacker posted harmful posts and used wrong
equipments against Mr.Sandro patients.
Figure 10
It’s clear, attacker objective was to defame Mr.Sandro Reputation and Attacker also had an Mr.Sandro
Account credentials. So, I contacted with Mr. Mr.Sandro for asking whether he has shared his
Umer Javed 1/7/2022
9 | Page
credentials with anyone or not. According to him, Heather Vincent was his former employee at deer
park dental. She was hired as Marketing Personal on 9th January, 2021 and she was given facebook and
Gmail account credentials.
Figure 11
She was a marketing personal at deer park dental as highlighted in her LinkedIn Profile:
Figure 12
Mr.Sandro reported to cybercrime Spokane police department on 4th Dec and police report number is
#2021-1016-6067.
Umer Javed 1/7/2022
10 | Page
Conclusion
It’s clear from above evidences that attacker gained unauthorized access to Mr.Sandro Facebook
Account and tried to defame Mr.Sandro reputation. There are two Evidences against unauthorized
user/Attacker: IP address and Digital Device (iphone XR). These two evidences are dependent on each
Other. As it’s nearly impossible for a private digital investigator to get IP information from Telecom
Authorities/ISP’s.This case can be solved by either two ways:
I. Heather Vincent Digital devices should be seized and examined in a forensic sound manner. If
Heather Vincent had (iphone XR), then it should be examined first.
II. Getting 4th December, 2021 data of these two IP’s (174.204.74.241 and
2601:8c1:8401:6820:7899:f2c7:ba0f:2c70) from their respective organization. After getting data,
find an individual/organization to whom IP address was assigned when crime happened. In case,
if it’s organization then DHCP server logs would help to caught criminal.
Attacker has completely taken control over Mr.Sandro Facebook account. So Mr.Sandro should be given
his account back and attacker should be punished as per cyber Act.
Glossary
Unauthorized User – It refers to individuals gaining access to an organization’s data, networks,
endpoints, applications or devices, without permission.
DHCP Server – It is a network server that automatically provides and assigns IP addresses, default
gateways and other network parameters to client devices.
IP Address – It is a unique address that identifies a device on the internet or a local network.
References
https://www.iplocation.net/ip-lookup/
Exhibits to Memorandum Submitted by Dr. Sandy Montano
April 29, 2022
EXHIBIT F
Exhibits to Memorandum Submitted by Dr. Sandy Montano
April 29, 2022
EXHIBIT G
Exhibits to Memorandum Submitted by Dr. Sandy Montano
April 29, 2022
EXHIBIT H
Exhibits to Memorandum Submitted by Dr. Sandy Montano
April 29, 2022
EXHIBIT I
Exhibits to Memorandum Submitted by Dr. Sandy Montano
April 29, 2022
EXHIBIT J
At Legal writing experts, we would be happy to assist in preparing any legal document you need. We are international lawyers and attorneys with significant experience in legal drafting, Commercial-Corporate practice and consulting. In the last few years, we have successfully undertaken similar assignments for clients from different jurisdictions. If given this opportunity, The LegalPen will be able to prepare the legal document within the shortest time possible. You can send us your quick enquiry ( here )