Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

12/23/2019
11:15 AM
50%
50%

Former NY Hospital Employee Admits to Stealing Colleagues' Data

Richard Liriano pleads guilty to compromising hospital computers and co-workers' email accounts, as well as stealing personal files and photos.

The former IT employee of a New York City-area hospital has pled guilty to stealing colleagues' credentials and logging into various accounts to steal private and confidential files, the Department of Justice reports. He used this access to view photos, videos, and other data.

Between 2013 and 2018, the allegations state, Richard Liriano abused his administrative access to log into employee accounts and copy his colleagues' personal documents, including tax records and personal photographs, onto his own machine. To do this, he installed malicious programs, including a keylogger, onto victims' machines so he could capture their credentials.

Over the course of this time frame, Liriano stole the usernames and passwords of about 70 or more email accounts belonging to hospital employees or people associated with them. He then obtained unauthorized access to password-protected email, social media, photography, and other online accounts where the victims were registered.

"Liriano's disturbing crimes not only invaded the privacy of his coworkers; he also intruded into computers housing vital healthcare and patient information, costing his former employer hundreds of thousands of dollars to remediate," US Attorney Geoffrey Berman said in a statement. Liriano's intrusions into the hospital networks caused more than $350,000 in losses.

Read more details here.

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "5 Pieces of GDPR Advice for Teams Without Privacy Compliance Staff."

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5680
PUBLISHED: 2020-12-03
Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector.
CVE-2020-5638
PUBLISHED: 2020-12-03
Cross-site scripting vulnerability in desknet's NEO (desknet's NEO Small License V5.5 R1.5 and earlier, and desknet's NEO Enterprise License V5.5 R1.5 and earlier) allows remote attackers to inject arbitrary script via unspecified vectors.
CVE-2020-5676
PUBLISHED: 2020-12-03
GROWI v4.1.3 and earlier allow remote attackers to obtain information which is not allowed to access via unspecified vectors.
CVE-2020-5677
PUBLISHED: 2020-12-03
Reflected cross-site scripting vulnerability in GROWI v4.0.0 and earlier allows remote attackers to inject arbitrary script via unspecified vectors.
CVE-2020-5678
PUBLISHED: 2020-12-03
Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vectors.