Former NHS IT Boss Jailed in Corruption Scandal

Former NHS IT Boss Jailed in Corruption Scandal

A former NHS IT director has been sentenced to three and a half years in prison for corruption, in another example of the dangers posed by malicious insiders.

Peter Lewis, 57, of Windlesham, Surrey, was the informatics director at the Royal Surrey County NHS Foundation Trust.

He was sentenced at Guildford Crown Court on Friday for accepting payments of nearly £90,000 – double his salary – in return for awarding a £950,000 IT contract, according to

Lewis had pleaded guilty to the charges back in November, along with Richard Moxon, 41, of Wybunbury in Cheshire, who confessed to making the payments.

The fraud was uncovered when the Trust began investigating Lewis’ relationship with another supplier.

Surrey police subsequently discovered that 40% of the IT product bought by Lewis to record A&E data was actually surplus to the requirements of the Trust.

It declared losses related to the project of £433,000 in its financial year 2011-12, according to Surrey police.

Sentencing, judge Stephen Climie reportedly claimed senior NHS staff like Lewis held “the very purse strings that could ultimately prevent the pain, suffering and even the death of patients.”

Although on this occasion the incident did not involve data theft or damage to IT systems, the news nevertheless highlights the potential threat to organizations of malicious insiders – especially those in senior managerial positions.

Half (49%) of IT professionals are concerned with the risk posed to their organization from employees, and 92% of healthcare IT leaders fear such threats, according to separate studies.

According to the PwC Information Security Breaches Survey 2015, only 10% of incidents were caused by “intentional” inside actors during the report period, as opposed to 26% ascribed to “accidental” insiders.

However, even one such incident could have a major impact on the victim organization, as this type of threat tends to be harder to spot and stop – especially if it's carried out by someone in a senior IT role with wide-ranging privileges and the know-how to cover their tracks.

Source: Information Security Magazine