As enterprise security executives working other industries know, healthcare security needs to look inward in addition to considering patients and visitors when it comes to protection strategies.

In an odd but somewhat recurring example, a Florida teenager was sentenced recently to a year in jail after he was convicted of four felonies linked to his impersonation of a physician assistant in a hospital emergency department. He was convicted in August of two counts of practicing medicine without a license and two counts of impersonating a physician assistant at Osceola Regional Medical Center in Florida. He told investigators that the ruse began when he went to the hospital to get a badge for his job as a clerk at a doctor’s office across the street, but someone botched the paperwork. Prosecutors said he used the badge to work in the hospital emergency department for weeks, changing bandages, handling IVs and helping conduct exams. He also acknowledged having performed CPR on a patient suffering from a drug overdose.

Then there is that hospital CEO.

Prosecutors in the U.S. District of Northern Indiana recently indicted a former CEO of White County Memorial Hospital in Monticello, Ind., who with a conspirator allegedly defrauded the hospital out of more than $800,000. The indictment alleged he implemented a scheme in which he funneled White County’s money to a bogus staff recruiting firm called Plake and Associates. In actuality, the firm was just a West Lafayette, Ind., resident with no recruiting experience and who at the time in question worked as a Catholic youth minister. The indictment alleges he did no recruiting with White County Memorial Hospital’s money, instead pocketing 25 percent while kicking 75 percent back to the CEO. The two men are also accused of running the same scheme at another area healthcare facility.