Hospital Staff Pleads Guilty to Patient Account Intrusion for Five Years

by | Jan 7, 2020 | Compliance News

The U.S. Department of Justice (DOJ) reported that an ex-staff of an unnamed hospital in New York City pleaded guilty to utilizing malicious software programs to get the credentials of fellow-workers, which he later misused for stealing sensitive data.

Richard Liriano, 33 years of age, from Bronx, New York, was a hospital’s IT employee. He enjoyed administrative-level access to the computer systems of the hospital but abused those access rights and copied patient information onto his personal computer.

Liriano employed a keylogger to acquire the credentials of a bunch of hospital co-workers from 2013 to 2018. Those credentials made it possible for Liriano to get access to the coworkers’ PCs or web accounts and acquire sensitive data including tax records, personal photos, videos, and other personal docs and files. He likewise employed other malicious software programs for surveillance of his co-workers.

Liriano took his coworkers’ sign-in data to their private webmail accounts, social network accounts, and other web-based accounts. In addition, he obtained access to the hospital computer systems that contain sensitive patient data. As per the DOJ, Liriano’s computer infiltrations cost his company close to $350,000 to remediate.

From 2013 to 2018, Liriano logged into his coworkers’ PCs and private accounts on various times trying to find sensitive data. Most of his 70+ victims were women. The DOJ information indicates that Liriano performed searches in their individual accounts trying to find sexually explicit photographs and videos.

The uncovering of the computer infiltrations got Liriano detained on November 14, 2019. On December 20, 2019, Richard Liriano pleaded guilty to 1 count of transferring software to a protected PC to purposefully bring about harm.

Geoffrey S. Berman, the U.S. Attorney for the Southern District of New York, explained that Liriano’s crimes did not merely breach the personal privacy of his co-workers; he likewise unlawfully logged into computers holding crucial healthcare and patient data, costing his ex-employer tens of thousands of dollars to fix. He is now going to be made liable for his behavior.

Liriano is due to be sentenced with a maximum jail period of 10 years on April 15, 2020 by U.S. District Judge Lewis A. Kaplan.

3 Steps To HIPAA Compliance

Step 1 : Download Checklist.

Step 2 : Review Your Business

Step 3 : Get Compliant!

Our HIPAA compliance checklist will outline everything your organization needs to become fully HIPAA compliant. Fill in the form below to download it now.

View our privacy policy