The New York Post reported Tuesday that a former IT worker from a Manhattan hospital was arrested last Friday and charged with computer trespass, unauthorized use of a computer, and fourth-degree computer tampering.
According to the article, Jason Wang "wreaked havoc with the computer system at North General Hospital in Harlem after he was fired by official there in September 2009..." The report doesn't specify what kind of "havoc" Wang is accused of wreaking, but it does indicate that authorities believe Wang used "a doctor's password and credentials to send a scathing e-mail to other hospital staffers, accusing Michele Prisco, North General's vice president and chief information officer, of being a racist."
Whether Wang is eventually convicted of these charges or not, the situation demonstrates the importance of strong internal IT security procedures.
In the October 10th, 2008 episode of TR Dojo, I discussed the following five security practices designed to prevent the situation outlined above:
- Follow the rule of least privilege
- Not all IT staff should be domain admins
- Monitor additions to admin-level groups
- Log all administrative activity
- Immediately revoke admin rights for terminated IT staff
For additional help developing strong internal, IT security procedures, check out the following TechRepublic resources:
- How do you keep your sys admins from stealing company secrets?
- 10 ways to reduce insider security risks
- Take security precautions when an employee leaves the organization
- Take steps to safeguard sensitive data
- Securing data from the threat within
- Track turnover in your organization with an employee separation checklist
Bill Detwiler has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop support specialist in the social research and energy industries. He has bachelor's and master's degrees from the University of Louisville, where he has also lectured on computer crime and crime prevention.