The Associated Press reports that Scott Graham of Ohio faces prison time after pleading guilty in federal court to felony charges of intercepting electronic communications by using spyware to spy on a woman’s computer activities. By spying on her, he also accidentally retrieved confidential information from the computer system at Akron Children’s Hospital, where she was employed. The software he employed was purchased over the Internet by a firm who says it is legal to use the software — if it’s installed on a computer owned by the purchaser.
According to the AP, Graham sent an email with a spyware attachment to the woman last year. She opened the attachment on two computers at work.
The spyware picked up confidential information about medical procedures and patients — as well as financial records for four employees — over the course of about three weeks.
[…]
When Graham’s spyware was opened, Akron Children’s Hospital was in the process of upgrading its system and putting up a firewall on all computers that would have blocked the spyware, Lyden said.
The firewall had not been activated on the two computers used to open Graham’s e-mail attachment.