The New York Post reported Tuesday that a former IT worker from a Manhattan hospital was arrested last Friday and charged with computer trespass, unauthorized use of a computer, and fourth-degree computer tampering.

According to the article, Jason Wang “wreaked havoc with the computer system at North General Hospital in Harlem after he was fired by official there in September 2009…” The report doesn’t specify what kind of “havoc” Wang is accused of wreaking, but it does indicate that authorities believe Wang used “a doctor’s password and credentials to send a scathing e-mail to other hospital staffers, accusing Michele Prisco, North General’s vice president and chief information officer, of being a racist.”

Whether Wang is eventually convicted of these charges or not, the situation demonstrates the importance of strong internal IT security procedures.

In the October 10th, 2008 episode of TR Dojo, I discussed the following five security practices designed to prevent the situation outlined above:

  1. Follow the rule of least privilege
  2. Not all IT staff should be domain admins
  3. Monitor additions to admin-level groups
  4. Log all administrative activity
  5. Immediately revoke admin rights for terminated IT staff

For additional help developing strong internal, IT security procedures, check out the following TechRepublic resources: