The FBI has announced that Christopher Dobbins pleaded guilty and was sentenced to a year in prison for breaching and temporarily disabling the Stradis Healthcare shipping system using a secret account, after being fired weeks earlier.
Last March, as doctors reported having to ration and reuse personal protective equipment (PPE) to treat COVID-19 patients, Georgia-based Stradis Healthcare, which packages and ships PPE and surgical kits, was eager to step up and help, according to FBI Special Agent Roderick Coffin, who investigated the matter.
“It was both a chance for the company to contribute to the national response and a business opportunity,” Special Agent Coffin, who works out of the FBI’s Atlanta Field Office, said in a statement.
Fired Exec, Secret Account
But several weeks earlier, Georgia-based Stradis had fired Dobbins from his job there as vice president, the FBI reported. Although the company revoked his credentials, Dobbins maintained a secret account, which still allowed him to access the company’s shipping data, the FBI said. In a classic insider threat attack, Dobbins used that retained access to tamper with shipping data, temporarily halting the company’s efforts to distribute the lifesaving medical equipment.
“The company’s operations ground to a halt briefly, and disruptions continued for months,” the FBI reported.
Once the company was able to figure out what was going on, it immediately contacted law enforcement, the FBI says, and the FBI Atlanta Cyber Task Force was put on the case.
“Given the pandemic, it was especially urgent that we figure out what happened and ensure there was no continuing compromise,” Coffin said. “We also wanted to make a statement that the FBI and the U.S. Attorney’s Office are going to investigate and prosecute these types of crimes.”
Stradis CEO and co-founder Jeff Jacobs said in a statement that the company fully cooperated with law enforcement and is eager to put the matter aside and get back to business.
Stradis’ Open Strategy
“We work every day with these heroes in the medical community and are proud to be a key link in fighting this pandemic,” Stradis President Adam Sokol added. “Partnering with medical professionals has been the fundamental cornerstone of our company and what we strive to do every day – improve the lives of patients. And right now that critical mission is more important than ever, because we know patients’ lives are at stake, and we think about that every minute.”
This incident highlights the risk that insider threats, like disgruntled former employees, can pose to any organization. But it’s IT users with the most privileged access, like vice presidents, who pose the biggest security threat, according to Gurucul COO Craig Cooper.
“This is probably not a surprise to a lot of people, that privileged IT users and administrators are looked at as the biggest threat to organizations,” Cooper said during a recent Threatpost webinar devoted to insider threat mitigation.
Cooper adds that insider threats of all types are on the rise. Those numbers are expected to jump even higher in 2021, Forrester Research predicted. Currently, about 25 percent of data breaches are tied to insider threats and researchers said they expect that number to jump by a staggering 33 percent this year, driven by staff churn and remote work.
The FBI lauded Stradis Healthcare for its early engagement and open collaboration in the investigation and said it helped expedite the investigation and get the matter settled quickly and successfully.
“In computer intrusion cases, the crime scenes are the systems in these companies’ offices, and we need their assistance to process that in a way it’s admissible in court,” Coffin said. “The FBI works very hard to proactively establish trust with companies, so when these types of things occur, we can quickly figure out what happened, and they can move forward.”