The former IT employee of a New York City-area hospital has pled guilty to stealing colleagues' credentials and logging into various accounts to steal private and confidential files, the Department of Justice reports. He used this access to view photos, videos, and other data.
Between 2013 and 2018, the allegations state, Richard Liriano abused his administrative access to log into employee accounts and copy his colleagues' personal documents, including tax records and personal photographs, onto his own machine. To do this, he installed malicious programs, including a keylogger, onto victims' machines so he could capture their credentials.
Over the course of this time frame, Liriano stole the usernames and passwords of about 70 or more email accounts belonging to hospital employees or people associated with them. He then obtained unauthorized access to password-protected email, social media, photography, and other online accounts where the victims were registered.
"Liriano's disturbing crimes not only invaded the privacy of his coworkers; he also intruded into computers housing vital healthcare and patient information, costing his former employer hundreds of thousands of dollars to remediate," US Attorney Geoffrey Berman said in a statement. Liriano's intrusions into the hospital networks caused more than $350,000 in losses.
Read more details here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "5 Pieces of GDPR Advice for Teams Without Privacy Compliance Staff."