Some days, I see a name in my news feed and think, “Oh, I know about that breach already.” But then I doublecheck, only to learn that no, this was not the breach I had covered a week or so ago, but yet another breach involving the same name or a similar name.
Such is the case with Trillium Health.
In March, I had noted that 50,000 Trillium Community Health Plan members were affected by the Accellion file transfer system breach.
But Trillium Community Health Plan is not Trillium Health. And the latter is in the news this week because there’s an update to an insider-wrongdoing case previously noted on this site.
The Rochester Democrat & Chronicle reports that a former Trillium Health IT specialist has pleaded guilty to misusing his access to access and acquire personal information on fellow employees.
Ameer Elashmawy, a 28-year-old Rochester man, pleaded guilty Monday to computer fraud.
Federal authorities say that Trillium spent more than $150,000 — court records peg the loss at $232,000 — in steps taken to hire a cybersecurity firm to decide how far Elashmawy had intruded into the company’s network. Employees whose information Elashmawy stole also were given credit monitoring and computer identification protection.
Read more on Democrat & Chronicle. Insider threats continue to pose a significant risk to corporations for a variety of motivations. Being able to detect when someone with authorized access may be exceeding that access can save the entity from costly breaches.