Richard Liriano admitted to using malicious software programs to hack into hospital computers and coworkers' email accounts between 2013 and 2018. By misusing his administrative accesses, Mr. Liriano would log into employee accounts and copy coworkers' personal documents, including tax records and photographs.
To access fellow employees' email accounts, Mr. Liriano used malicious programs, such as "keylogger," to steal usernames and passwords. Investigators determined that Mr. Liriano stole the usernames and passwords for around 70 email accounts.
The hospital, which was not disclosed, suffered from $350,000 in losses due to Mr. Liriano.
"To feed his voyeuristic curiosity, Richard Liriano, an information technology professional at a New York hospital, installed a 'keylogger' on dozens of his coworkers' computers and used other unauthorized software to spy on and steal personal information from them," said U.S. Attorney Geoffrey Berman. "Liriano's disturbing crimes not only invaded the privacy of his coworkers; he also intruded into computers housing vital healthcare and patient information, costing his former employer hundreds of thousands of dollars to remediate. He will now be held accountable for his actions."
Insider attacks happen more often than we would like to acknowledge.
Last year, the city of Baltimore had to fired an IT worker for having hacking tools on their computer.
The question of using internal resources versus outsourced IT or tech support one can be challenging for decision-makers to grapple with.
In some cases, companies feel they have a loss of control if they outsource their IT or tech support and while this may the case, if you choose a good partner, it can often be even better than using internal resources. The reason is – the relationship with an outsourced vendor is generally devoid of typical office politics, toxic employee interactions, disagreements on compensation, anger over vacation days and the like.
Outsourced tech support via an MSP or IT service provider is less likely to quit, leaving you without an adequate backup solution.
In the case of this insider hack in New York, the reality is, an outsourced company can also potentially act improperly. The challenge is, good MSPs have the depth to rotate workers in and out. In fact, we think this is a great way to keep all actors honest as a tech’s actions will be seen by others and they need to document their work according to the MSP business rules. This leaves little room for acting improperly.
Alternatively, internal workers are far tougher to manage and control – unless the team is sufficiently large to have numerous controls in place to keep everyone above board in terms of what they access and do.
The bottom line here is there are benefits to outsourced tech support teams as well as internal but in terms of security, an outside firm is likely a better choice. A blend inside and outside workers is not a bad option either depending on your specific needs and desires.
The team at Apex Technology Services is happy to discuss this further – we have a great deal of experience acting as the sole tech support/IT provider as well as working in a hybrid fashion with a CIO. We also specialize in managing satellite offices in the tristate area acting as “boots on the ground,” fixing problems when they arise.
We are happy to provide assistance. Drop us a line, anytime.