Jailed: Fired director who sabotaged organ donation records

Former IT director of LifeGift Organ Donation Center Danielle Duann, a nonprofit organ procurement center, was sentenced to two years in prison. In addition, Duann also had to pay more than $94,000 in restitution for deliberately deleting organ donation records--and other data--the day after being fired from her job.

What is unique about this case is that proper procedures were being followed to the letter. For example, Duann's access rights to the network were revoked prior to her being informed in writing about her termination. What's more, the company also took additional steps to secure the administrator accounts that she was known to have access to.

Unfortunately, Duann apparently gained remote access the same evening via a VPN account that she had set up without anyone's knowledge. Using the administrative account of another LifeGift staffer, she logged on to several servers over the next few hours; methodically deleting "donor records, accounting invoice files, database and software applications, backup files and software tokens required to run some of the applications."

This case highlights the difficulty of protecting organizations from malicious individuals from the inside. In this instance, Duann was caught only because a third-party company hired to provide backup and disaster recovery services noticed someone deleting files via a VPN connection, and moved quickly to terminate the connection. VPN log files allowed investigators to follow the trail back to her.

For more on this story:
- check out this article at Computerworld

Related Articles:
Report: Data theft concerns rise
Data security's worst year yet
What to do after a data breach
Survey: One in Five firms cut IT spending