Hospital Employee Pleads Guilty to Account Hacking for Five Years

The U.S. Department of Justice (DOJ) announced that a former employee of an unnamed hospital in New York City pleaded guilty to employing malicious software to acquire the credentials of co-workers, which he afterward misused for the theft of sensitive information.

Richard Liriano, 33, from Bronx, New York, was an IT staff at the NYC hospital. Liriano was given administrative-level access to the hospital’s computer systems. He took advantage of those access rights and copied patient information onto his own computer.

Liriano used a keylogger to get the credentials of many of his co-workers between 2013 and 2018. Those credentials enabled Liriano to sign in to the coworkers’ computers or online accounts and get sensitive information like tax documents, personal pictures, videos, and other private information and files. He also used other malicious software to spy on his coworkers.

Liriano stole his coworkers’ log-in information to their personal webmail accounts, social media accounts, and other online accounts. In addition, he gained access to hospital computers holding sensitive patient information. According to the DOJ, Liriano’s computer access cost his employer about $350,000 to remediate.

Between 2013 and 2018, Liriano signed into his coworkers’ computers and individual accounts on several instances seeking sensitive information. Many of his 70+ victims were female. The DOJ records state that Liriano did searches in their private accounts hunting for sexually explicit images and videos.

The discovery of the computer access got Liriano arrested on November 14, 2019. On December 20, 2019, Richard Liriano pleaded guilty to one count of transmitting a program to a protected computer to deliberately cause damage.

Geoffrey S. Berman, the United States Attorney for the Southern District of New York, stated that Liriano’s crimes not just violated the privacy of his fellow-workers; he additionally intruded into computers storing important medical and patient information, costing his previous employer thousands of dollars to resolve. He is now going to be held responsible for his actions.

Liriano is facing a 10-years maximum jail term and is due for sentencing by U.S. District Judge Lewis A. Kaplan on April 15, 2020.

About Christine Garcia 1297 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA