Lawsuit Reveals Security Dispute DetailsConnecticut Clinic Sues Fired IT Director
The lawsuit is another component of an acrimonious dispute, which also involves an investigation by Connecticut's attorney general into an alleged security breach potentially affecting data of up to 130,000 patients.
The case involves Ali Eslami, the former IT director of Middletown-based Community Health Center, who was fired by the organization in February. Eslami claims he was dismissed because he confronted CHC's top management about his suspicions of an alleged hacker attack on the healthcare organization's systems.
CHC alleges in its lawsuit that Eslami refused to provide the encryption key for data stored on his clinic-owned laptop and passwords for "critical CHC IT accounts such as Amazon cloud computing" and has harassed CHC CEO Mark Masselli and his family.
CHC's lawsuit also alleges, among other things, that on Feb. 26, 2014, two days after the clinic fired Eslami, he posted on You Tube, without authorization, e-mails from two CHC executives about patient satisfaction surveys.
The lawsuit seeks "in excess of $15,000" in damages and legal fees.
An injunction recently granted by the Connecticut Superior Court at CHC's request orders Eslami not to cause unauthorized use, access, interruption, misuse and destruction of the CHC computer system. It also requires that he return any property, data and passwords he has that belong to CHC.
In an interview with Information Security Media Group, Eslami argues that CHC's allegations are an attempt to stop him from discussing on social media, including in his personal blog, circumstances involving his dismissal from the organization.
Eslami alleges he was terminated from his position, where he had worked for 14 years, due to his assertion that the clinic's systems had been breached by a man-in-the-middle attack, potentially putting data of thousands of patients at risk for ID theft and credit card fraud.
He also alleges that when the CHC shipped him his personal belongings after his termination, the delivery included a hard drive containing data on about 130,000 patients, which Eslami says he turned over to the state. CHC, however, denies that it shipped Eslami the hard drive. "Items returned were of a personal nature and did not include any data. They were thoroughly vetted by members of senior management to assure this," CHC says in a statement to ISMG.
A spokeswoman for Connecticut's AG says the matter is still under investigation by the state.
CHC declined to comment on the lawsuit or the ongoing dispute.