The ex-VP conducted an intrusion into his former employer’s package shipping system & delayed PPE essential to healthcare workers.
The former VP of a healthcare company was sentenced last week, 6 months after he was charged with sabotaging electronic shipping records, something that ultimately wound up delaying shipments of the company’s personal protective equipment (PPE) in a pandemic.
Georgia DA’s Office
The US Attorney’s Office for the Northern District of Georgia announced in April that the ex-employee, Christopher Dobbins, had been charged after reportedly using a secret account to access his former company’s computer system. It was not until last Tues. that he was sentenced for his – 1 year & 1 day & asked to pay a $221,200 restitution charge.
Dobbins previously pleaded guilty in July to a charge of ‘reckless damage to a protected computer.’
While the DOJ did not name this healthcare company, Dobbins was originally the VP for Georgia-based Stradis Healthcare, LLC, a company that manufactures surgical packs & medical kits for acute care & large multi-practice facilities.
Stradis, for its part, confirmed in April that it was working with the FBI on the case & that employees & the assembly line had been working at full capacity during the man’s criminal activity. While the intrusion reportedly led to delays, the shipping of those key supplies eventually returned to full strength.
Explained US Attorney Byung J. “BJay” Pak, Dobbins lost his job in March, & subsequently lost his access to the company’s shipping information.
He received his final pay-check on Mar. 26 & while ordinarily that would mark the end of his dealings with his now ex-employer, 3 days later he used a fake user account he set up to login to the company’s computer systems, only to create another fake account.
With that fake account he edited & deleted shipping records – he edited 115,581 records & deleted 2,371 records in total before deactivating both fake accounts & logging out, according to the DOJ.
Dobbins’ actions threw the company’s shipping processes into disarray, delaying PPE to healthcare providers that was obviously much needed. For context, Dobbins logged into his company’s systems & disrupted supplies Mar. 29, nearly 3 weeks after Mar. 11, when the World Health Organization (WHO) declared the novel Coronavirus (COVID-19) outbreak a global pandemic.
While the company would usually be able to deliver PPE on the same day, Dobbins’ sabotage caused delays of 24 to 72 hours, says the Associated Press.
“As businesses worked to get PPE into the hands of those most in need of it, Dobbins chose to hack his former employer & maliciously interrupt that process,” Pak told the AP last week. “His actions caused delays in the delivery of desperately needed equipment in the midst of a worldwide pandemic.”
The case is similar to another case, from last week, involving an IT administrator who was ‘let go’ & used a “superuser” admin account afterwards to access company data.
In that instance, which involved the now defunct department store Century 21, the employee reportedly stole employee data from the company, & tampered with its holiday payroll policy.
Although some companies rely on a 3rd-party portal to facilitate shipping. It appears Stradis uses an ‘in-house portal’, & the DOJ says Dobbins “logged in to the company’s computer systems” to disrupt the company’s shipping processes.
It is unclear if the company relied on any solutions to monitor employee activity or data manipulation, & if such technologies could have minimised the results of Dobbins’ sabotage.