A former employee of a New York City-based hospital has been charged with installing a malicious software program on dozens of his coworkers’ computers and obtaining unauthorized access to their data, according to a recent Department of Justice (DoJ) announcement.
On Nov. 15, Geoffrey S. Berman, the U.S. Attorney for the Southern District of New York, and William F. Sweeney Jr., Assistant Director-in-Charge of the New York Office of the FBI, announced that Richard Liriano, 33, of Bronx, N.Y., allegedly had installed a malicious software program known as a “keylogger” on dozens of his coworkers’ computers at a New York City area hospital, obtaining unauthorized access to his victims’ email, social media and other online accounts, and using that unauthorized access to steal private and confidential files.
Using his victims’ stolen credentials, Liriano, over about a one-year span, repeatedly compromised their password-protected online accounts, and pilfered their sensitive personal photographs and other private documents, the prosecutors’ statement alleged.
Liriano has been charged in three counts: with transmitting a program to a protected computer that intentionally caused damage, which carries a maximum sentence of 10 years in prison; with intentionally accessing a protected computer without authorization and recklessly causing damage, which carries a maximum sentence of five years in prison; and with aggravated identity theft, which requires a two year prison term to be served consecutive to any sentence imposed on the computer intrusion charges, according to the DoJ.
In its 2019 Data Breach Investigations Report, Verizon found that for the second year in a row the healthcare market was the only industry to show a greater number of insider attacks (59 percent) than external (42 percent).
A statement from Berman read, “Liriano allegedly used the access he gained through the malicious software to steal photos, tax records, and other personal information from his coworkers and people associated with them. As information technology increasingly becomes an integral part of our workplaces, ensuring the integrity of those systems becomes even more critical. The arrest of Liriano should serve as an error message to any information technology professionals seeking to capitalize on their trusted access to information: As in this case, you will be caught and prosecuted.”
The maximum potential sentences are prescribed by Congress and are provided here for informational purposes only, as any sentencing of the defendant will be determined by the judge.