New York hospital IT professional accused of stealing co-workers' passwords, information

BBusinessman touching lock icon on binary code and circuits background
Richard Liriano, 33, of the Bronx in New York City is accused of installing a malicious software program known as a keylogger on dozens of computers and online accounts between 2017 and 2018, officials said. (PraewBlackWhile/GettyImages)

A former health IT employee at a New York City-area hospital was charged in Manhattan federal court with compromising dozens of co-workers' email accounts and stealing their confidential information, the Department of Justice announced Friday

Richard Liriano, 33, of the Bronx is accused of installing a malicious software program known as a keylogger on dozens of computers and online accounts between 2017 and 2018, officials said. The program recorded and sent victim employees’ keystrokes to Liriano, officials said.

Liriano allegedly used the stolen credentials to repeatedly compromise password-protected online accounts such as social media and personal email accounts and is accused of pilfering through sensitive personal photographs and other documents such as tax records. 

Webinar

Curating a Higher Level of Personalized Care: Digital Health + Mom

A long-term digital health strategy is needed to respond to the technology demands of the modern patient while thriving as an independent hospital in a fiercely competitive market. In this webinar, Overlake and one of its digital health partners, Wildflower Health, will discuss how Overlake has approached digital health and why it chose to focus early efforts on expectant moms within its patient population.

"As information technology increasingly becomes an integral part of our workplaces, ensuring the integrity of those systems becomes even more critical," said U.S. Attorney Geoffrey Berman in a statement. "The arrest of Liriano should serve as an error message to any information technology professionals seeking to capitalize on their trusted access to information: As in this case, you will be caught and prosecuted.”

RELATED: Health systems get failing grade when it comes to NIST cybersecurity best practices: report

Liriano was arraigned in federal court before U.S. Magistrate Judge Katharine Parker. He was charged on three counts, including transmitting a program to a protected computer that intentionally caused damage, which carries a maximum sentence of 10 years in prison.

In the accusation, officials said he primarily used the keylogger program to access at least 30 email accounts, primarily those of female employees. 

“Whatever alleged motivation the subject in this case had, hacking into his co-workers lives, albeit extremely disturbing, wasn't the most egregious act," said FBI Assistant Director in Charge William Sweeney Jr. in a statement. "He allegedly installed a harmful program on computers that house vital and critical healthcare information for hospital patients, without a thought to what he could be compromising in his attempts to spy on people.”

While much of the concern around cybersecurity in healthcare has centered around external actors, a data breach investigations report from Verizon released earlier this year found insider attacks were responsible for the majority of healthcare data breaches (59%) in 2018 versus external attacks (42%). The healthcare industry is the only sector to show a greater number of insider attacks than external, according to Verizon's analysis of more than 20 industries.

Across all industries, external threat actors are still the primary force behind attacks (69% of breaches), with insiders accounting for 34%, they said.

Suggested Articles

The nation’s highest court grappled with a key Affordable Care Act case Tuesday, with $12 billion in payments to insurers hanging in the balance. 

A nationwide effort to improve and coordinate patient safety measures will strive to make a connection between workplace and patient safety.

Cigna is in talks with New York Life Insurance Co. to sell off its group benefits insurance business in a deal that could be worth $6 billion.