Cyber Incident Victim: Hospital for Special Surgery
Date:
Jan 2013
Location:
United States of America
Summary
A former IT employee at a New York City hospital compromised coworkers' computers over several years by installing malicious software, including keyloggers, to steal credentials for approximately 70 personal accounts. He accessed private emails, social media, and cloud storage, exfiltrating sensitive documents, tax records, and explicit media—primarily targeting female colleagues. The intrusions caused over $350,000 in remediation costs due to network damage and necessitated extensive security overhauls. The perpetrator, who abused administrative privileges to copy and misuse confidential data, was prosecuted for computer intrusion and sentenced to 30 months in federal prison following an FBI-led investigation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
From approximately 2013 to 2018, Richard Liriano, an information technology employee at New York City's Hospital for Special Surgery (referred to as Hospital-1 in court documents), abused his administrative system access to conduct unauthorized surveillance and data theft against coworkers. Liriano logged into employee accounts without permission and copied personal documents—including tax records and private photographs—onto his workspace computer for personal use. He escalated his intrusions by deploying malicious software programs across hospital computer systems, including keyloggers designed to covertly capture employees' keystrokes. These tools enabled him to steal login credentials for approximately 70 personal email accounts belonging primarily to female colleagues and individuals associated with them. After obtaining credentials, Liriano repeatedly accessed victims' password-protected email, social media, and cloud storage accounts, specifically searching for and stealing sexually explicit photographs and videos. His activities persisted undetected for five years, during which he systematically violated employee privacy while maintaining his position as a trusted IT professional with network access privileges.
The hospital incurred over $350,000 in remediation costs to address damage caused by Liriano's intrusions into computer networks housing healthcare systems and patient information. Law enforcement investigation revealed the extent of compromised accounts and the malicious software infrastructure Liriano deployed. Following his indictment, Liriano pleaded guilty to computer intrusion charges. In October 2020, the U.S. District Court for the Southern District of New York sentenced him to 30 months in prison. The Federal Bureau of Investigation led the inquiry with assistance from the New York City Police Department, while the prosecution was handled by the U.S. Attorney's Office Complex Frauds and Cybercrime Unit under Assistant U.S. Attorney Vladislav Vainberg. The case highlighted both the abuse of privileged IT access and the significant organizational costs required to remediate insider threats targeting sensitive personal and institutional data.