Dive Brief:
- A U.S. federal jury ordered Tata Consultancy Services to pay Epic Systems Corp. $940 million after a TCS employee used credentials from a previous contract to illegally access confidential data.
- The employee reportedly accessed an Epic Web portal using prior TCS credentials for more than two years and even shared the credentials with other TCS employees.
- Epic, a U.S.-based healthcare software company, alleged that TCS, India's biggest outsourcing provider by revenue, used the accessed information to help one of TCS' competing healthcare software products.
Dive Insight:
In 2011 Kaiser Permanente contracted with TCS to test new versions of Epic software prior to installation. Epic reportedly intended to deactivate the TCS employee’s account after the project finished, but the account was instead listed as "expired." From there, the TCS employee was able to reactivate his account and use it in 2013 and 2014, according to court documents.
"This is basically every CIO and CISO’s nightmare – unauthorized access to sensitive data and information by offshore contractors that are a direct or indirect part of their supply chain," said Avivah Litan, vice president and distinguished analyst at Gartner Inc. in an email sent to the Wall Street Journal.
In addition to the long-term unauthorized access, other people used the TCS employee’s credentials to download over 6,000 documents and more than 1,600 files between June 2012 and June 2014. Epic was able to block the TCS employees’ credentials in June 2014.
TCS said it "did not misuse or derive any benefit from downloaded documents from Epic System’s…portal," according to a statement posted to its website.
The case draws attention to some of the challenges associated with controlling permissions on jobs that include third-party contractors, a large part of the IT world.
Last month, a New York-based IT contractor outsourced government work to India, a move that violated state security rules, according to New York investigators. Focused Technologies Imaging Services, which had a $3.45 million contract to scan and index 22 million fingerprint cards from the New York State Division of Criminal Justice Services, hired an India-based company to perform a significant portion of the work, according to state officials and as reported by Computerworld. The company was fined $3 million for the infringement and was required to hire an independent monitor approved by the attorney general's office.