Health

Health system IT specialist pleads guilty to stealing colleagues’ personal info

Fitness & Health:

An IT specialist at a health system in upstate New York pleaded guilty this week to stealing personal information from colleagues’ computers.

Ameer Elashmawy, 28, pleaded guilty on Monday to fraud and related activity in connection with computers. According to an October press release from the U.S. Attorney’s Office, Elashmawy’s employer, Trillium Health, spent more than $100,000 to safeguard and protect its affected employees.  

WHY IT MATTERS  

Ads

Trillium Health is a two-facility system that offers primary and specialty care services in Rochester, New York.  

As outlined by the USAO, Elashmawy was responsible for the company’s information system security design and oversight. He also assisted employees with various IT needs.  

“The defendant had administrative rights and could log onto other employee work accounts, however, he was not allowed to access personal accounts of employees or former employees,” noted the October press release.  

“Between April 2019 and January 2020, the defendant used his administrative access rights to search employees’ email and social media accounts without their knowledge or permission,” said federal officials.  

After a different employee noticed unusual activity on the Trillium Health network in January 2020, an investigation found personal explicit photos and videos of at least 14 victims, as well as numerous photos of their driver’s licenses, credit cards, social security cards and other personal data.  

RELATED:  Cancer warning: People with heart failure found to be at greater risk of the disease

According to the Democrat and Chronicle, Trillium spent $232,000 to hire a cybersecurity firm to investigate how far Elashmawy had intruded into the network. (It’s not clear whether that includes the $100,000 outlined in the October USAO press release.)

The charges carry a maximum penalty of five years in prison and a $250,000 fine.  

THE LARGER TREND

Although federal officials did not report that Elashmawy inappropriately accessed patient information, snooping has led to a number of high-profile patient data breaches in recent years.  

In February, a New York health system said an employee viewed clinical information, including test results and diagnoses, via electronic health records.  

Last year, a cybersecurity firm noted that the COVID-19 pandemic could lead to an increase in improper EHR access by healthcare workers.

ON THE RECORD

“The defendant, without authorization and for his own personal benefit, copied the personal photos and [personal identifiable information] from such employees’ personal electronic devices,” said federal officials, as reported by Rochester First.

 

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: [email protected]
Healthcare IT News is a HIMSS Media publication.


DISCLAIMER:-If article is on fitness, health tips, beauty, tips-tricks care like recommendation, then check for DISCLAIMER in T&C.

Health News Today & Latest Medical News More Updates

Today News || Latest News || World News || US Politics || Health News || Technology News || Education News

Source

Tags
Show More

Related Articles

Back to top button
Close