Fourth Circuit Affirms Healthcare Worker’s Conviction for Leaking Justice Ginsburg’s Medical Records

The case originated in January 2019 when hospital employees discovered a Twitter post containing a screenshot of Justice Ginsburg’s patient search screen. The image revealed her name, ten visit dates, and medical services including radiology, oncology, and surgery. Before appearing on Twitter, the screenshot was posted on 4Chan’s “Politically Incorrect” thread, where users promoted conspiracy theories that the Justice had died.

George Washington University Hospital’s Chief Information Officer, Nathan Read, traced the leak to search logs for patients with last names starting with “Ginsb.” This initially pointed to Robert Harlow, an emergency room employee, but Read dismissed him as the culprit because he was an older gentleman who lacked technical aptitude. Read then broadened his search to “Gin,” which led to Russell.

Russell worked for a non-profit organ donation company that had access to the hospital’s patient database. Logs showed that a non-hospital device under Russell’s username searched for “Gins” on January 7, 2019. The search occurred seconds after a legitimate query for patient “Barker” and seconds before a search for “Ginston,” a name with no hospital record.

Federal agents interviewed Russell at his workplace. Although the CEO of Russell’s company sat in on the interview, the court found the interaction voluntary. Russell admitted to searching for Barker but denied searching for Gins or Ginston. He offered implausible explanations, suggesting his cat might have typed on the keyboard or that a coworker used his login.

The investigation revealed that Russell had formatted his desktop’s hard drive just days after the hospital revoked his access. He turned over a secondary gaming drive rather than the primary drive containing the operating system. Forensic experts recovered data showing Russell had visited the same 4Chan thread where the medical information was posted, along with antisemitic comments and conspiracy theories.

Russell argued that the screenshot did not constitute “individually identifiable health information” because it did not list specific diagnoses or doctor names. The Fourth Circuit rejected this view, holding that information showing the Justice’s name, treatment dates, and services fell within the heartland of the statute’s prohibitions.

The court also upheld the denial of Russell’s motion to suppress his statements to agents. It found no coercive police activity, noting that Russell was told the interview was voluntary and could leave at any time. The presence of his CEO, who remained silent, did not constitute an implicit threat to his employment.

Russell further challenged the trial court’s limitation on cross-examining the investigating agent. He claimed the agent ignored his theory that coworkers used his login. The court found no abuse of discretion, noting that the defense counsel chose not to pursue additional questions on cross-examination after the court offered alternative avenues to explore bias.

Russell was convicted of unlawfully obtaining individually identifiable health information and destroying records with intent to obstruct an investigation. The Fourth Circuit affirmed the judgment in full, finding sufficient evidence that Russell personally conducted the unauthorized searches and attempted to destroy evidence.