Richard Liriano pleaded guilty last December to one count of computer fraud relating to the ongoing scheme, which he engaged in between 2013-18. Mr. Liriano used malicious programs, such as keyloggers, on dozens of fellow employees’ computers at the unnamed hospital.
Mr. Liriano stole usernames and passwords for at least 70 email accounts belonging to hospital employees, costing the hospital more than $350,000 in losses. He used the stolen credentials to hack into employees’ online accounts, which stored personal photographs, videos and private documents including tax records.
“[Mr.] Liriano’s disturbing crimes not only grossly violated the privacy of his coworkers but jeopardized the integrity of computers housing vital healthcare and patient information, costing his former employer hundreds of thousands of dollars to remediate,” Acting U.S. Attorney Audrey Strauss said in the news release.
In addition to the two and a half-year prison sentence, Mr. Liriano was ordered to pay restitution of $351,850.
More articles on cybersecurity:
‘We’re not going to solve this through magical thinking’: What hospitals need to combat cyber threats
Michigan hospital email phishing attack exposes 26,861 patients’ info: 4 notes
Georgia hospital employee framed in HIPAA violation scheme