Former NHS IT Boss Jailed in Corruption Scandal

A former NHS IT director has been sentenced to three and a half years in prison for corruption, in another example of the dangers posed by malicious insiders.
Peter Lewis, 57, of Windlesham, Surrey, was the informatics director at the Royal Surrey County NHS Foundation Trust.
He was sentenced at Guildford Crown Court on Friday for accepting payments of nearly £90,000 – double his salary – in return for awarding a £950,000 IT contract, according to Digitalhealth.net.
Lewis had pleaded guilty to the charges back in November, along with Richard Moxon, 41, of Wybunbury in Cheshire, who confessed to making the payments.
The fraud was uncovered when the Trust began investigating Lewis’ relationship with another supplier.
Surrey police subsequently discovered that 40% of the IT product bought by Lewis to record A&E data was actually surplus to the requirements of the Trust.
It declared losses related to the project of £433,000 in its financial year 2011-12, according to Surrey police.
Sentencing, judge Stephen Climie reportedly claimed senior NHS staff like Lewis held “the very purse strings that could ultimately prevent the pain, suffering and even the death of patients.”
Although on this occasion the incident did not involve data theft or damage to IT systems, the news nevertheless highlights the potential threat to organizations of malicious insiders – especially those in senior managerial positions.
Half (49%) of IT professionals are concerned with the risk posed to their organization from employees, and 92% of healthcare IT leaders fear such threats, according to separate studies.

According to the PwC Information Security Breaches Survey 2015, only 10% of incidents were caused by “intentional” inside actors during the report period, as opposed to 26% ascribed to “accidental” insiders.
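When an external security incident occurs, first report it to management immediately. Our priority is to limit the losses; if the incident has already been made public, publicly condemn the attacker's misconduct and promptly notify and reassure affected users. Internally, begin looking for the root cause at once and take the corresponding remedial measures.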
However, even one such incident could have a major impact on the victim organization, as this type of threat tends to be harder to spot and stop – especially if it's carried out by someone in a senior IT role with wide-ranging privileges and the know-how to cover their tracks.
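You may be planning the roadmap for building and developing your information security program, or may even have started some information security projects. The biggest vulnerability in information security is employees' weak security awareness, and ordinary users' lack of a correct understanding of common threats is the main cause of cybercrime, so basic computer security training for non-IT staff needs to be strengthened.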
