Former Employee Of Hospital Pleads Guilty To Compromising Dozens Of Hospital Computers And Coworkers’ Email Accounts And Stealing Their Confidential Information
Geoffrey S. Berman, the United States Attorney for the Southern District of New York, announced that RICHARD LIRIANO pled guilty today to one count of computer fraud in connection with his scheme to use malicious software programs, including a program known as a “keylogger,” on dozens of his coworkers’ computers at a New York City-area hospital, secretly obtaining user names and passwords to his victims’ personal email and other accounts, and using that unauthorized access to steal private and confidential files. Using his victims’ stolen credentials, LIRIANO repeatedly compromised their password-protected online accounts, and accessed their sensitive personal photographs, videos, and other private documents. LIRIANO pled guilty earlier today in Manhattan federal court before United States Magistrate Judge Kevin N. Fox.
U.S. Attorney Geoffrey S. Berman said: “To feed his voyeuristic curiosity, Richard Liriano, an information technology professional at a New York hospital, installed a “keylogger” on dozens of his coworkers’ computers and used other unauthorized software to spy on and steal personal information from them. Liriano’s disturbing crimes not only invaded the privacy of his coworkers; he also intruded into computers housing vital healthcare and patient information, costing his former employer hundreds of thousands of dollars to remediate. He will now be held accountable for his actions.”
According to the allegations in the Information to which LIRIANO pled guilty, a prior Indictment filed against LIRIANO, as well as statements made during the plea and other proceedings in the case:
From at least in or about 2013, up to and including at least in or about 2018, LIRIANO misused administrative access provided to him as an information technology employee at a New York City-area hospital (“Hospital-1”), to log in to employee accounts, and copy other employees’ personal documents, including tax records and personal photographs, onto his own workspace computer for his own personal use.
To further his efforts to steal personal information from Hospital-1’s employees, LIRIANO, without authorization, used various malicious programs to steal the user names and passwords of his primarily female co-workers. One of these programs was known as a keylogger, which recorded and sent victim employees’ keystrokes to LIRIANO, such as the usernames and passwords those employees entered to access their personal web-based email accounts. Through the course of this conduct, LIRANO stole usernames and passwords for at least approximately 70 email accounts belonging to Hospital-1 employees or persons associated with those employees (the “Compromised Accounts”).
LIRIANO then used those stolen usernames and passwords to log in to the Compromised Accounts and obtain unauthorized access to other password-protected email, social media, photographs, and online accounts to which the Compromised Accounts were registered. Among other things, LIRIANO conducted searches for sexually explicit photographs and videos in the Compromised Accounts.
LIRIANO’s computer intrusions into Hospital-1’s computer networks caused over $350,000 in losses to Hospital-1.
* * *
LIRIANO, 33, of the Bronx, New York, was arrested on November 14, 2019. LIRIANO pled guilty today to one count of transmitting a program to a protected computer that intentionally caused damage, which carries a maximum sentence of 10 years in prison. The maximum potential sentence in this case is prescribed by Congress and is provided here for informational purposes only, as any sentencing of the defendant will be determined by the judge.
LIRIANO is scheduled to be sentenced by U.S. District Judge Lewis A. Kaplan on April 15, 2020, at 3:00 p.m.
Mr. Berman praised the investigative work of the Federal Bureau of Investigation and thanked the New York City Police Department for its assistance.
This case is being handled by the Office’s Complex Frauds and Cybercrime Unit. Assistant U.S. Attorney Vladislav Vainberg is in charge of the prosecution.