A fired Stradis Healthcare employee sought revenge by tampering with shipping data for desperately needed healthcare PPE.
The FBI has announced that Christopher Dobbins pleaded guilty & was sentenced to 1 year in prison for breaching & temporarily disabling the Stradis Healthcare shipping system using a secret account, after being fired weeks earlier.
Last March, as doctors reported having to ration & reuse personal protective equipment (PPE) to treat COVID-19 patients, Georgia-based Stradis Healthcare, which packages & ships PPE & surgical kits, was eager to step up & help, according to FBI Special Agent Roderick Coffin, who investigated it.
“It was both a chance for the company to contribute to the national response & a business opportunity,” Special Agent Coffin, who works out of the FBI’s Atlanta Field Office, observed in a statement.
Some weeks earlier, Georgia-based Stradis had fired Dobbins from his job there as VP, the FBI reported.
Although the company revoked his credentials, Dobbins maintained a secret account, which still let him to access the company’s shipping data, the FBI commented. In a ‘classic’ insider threat attack, Dobbins used that retrained access to tamper with shipping data, temporarily halting the company’s efforts to distribute the lifesaving medical equipment.
“The company’s operations ground to a halt briefly, & disruptions continued for months,” the FBI reported.
When the company was able to work out what was happening, the FBI says they immediately contacted law enforcement, which allocated the FBI Atlanta Cyber Task Force to the case.
“Given the pandemic, it was especially urgent that we figure out what happened & ensure there was no continuing compromise,” Coffin suggested. “We also wanted to make a statement that the FBI & the US Attorney’s Office are going to investigate & prosecute these types of crimes.”
Stradis CEO & Co-Founder Jeff Jacobs commented in a statement that the company fully cooperated with law enforcement & is ‘eager to put the matter aside & get back to business.’
“We work every day with these heroes in the medical community & are proud to be a key link in fighting this pandemic,” Stradis President Adam Sokol added. “Partnering with medical professionals has been the fundamental cornerstone of our company & what we strive to do every day – improve the lives of patients.
And right now, that critical mission is more important than ever, because we know patients’ lives are at stake, & we think about that every minute.”
This incident highlights the risk of insider threats, like disgruntled former employees, can pose to any organisation. It is IT users with the most privileged access, like Vice-Presidents (Directors), who pose the biggest security threat, according to Gurucul COO Craig Cooper.
“This not probably a surprise to a lot of people, that privileged IT users & administrators are looked at as the as the biggest threat to organisations,” Cooper observed recently in a webinar.
Cooper adds that insider threats of all types are on the rise. Those numbers are expected to jump even higher in 2021, Forrester Research predicted. Currently, about 25% of data breaches are tied to insider threats & researchers said they expect that number to jump by a staggering 33% this year, driven by staff churn & remote work.
The FBI lauded Stradis Healthcare for its early engagement & open collaboration in the investigation related to the matter & said it help expedite the investigation & get the matter settled quickly & successfully.
“In computer intrusion cases, the crime scenes are the systems in these companies’ offices, & we need their assistance to process that in a way it’s admissible in court,” Coffin outlined. “The FBI works very hard to proactively establish trust with companies, so when these types of things occur, we can quickly figure out what happened, & they can move forward.”