He worked as a sales employee for Onyx MD, a Denver, Colorado, company that provides physician staffing services nationwide with the primary focus being temporary placement of physicians.
The company uses a password-protected third-party web-based software application for customer relationship management. The web-based software is also used for numerous business functions, including employees accessing their e-mail, reviewing calendar events and tasks, and accessing client and prospective client records.
In September 2011, Onyx noticed that its development director’s account was set up to forward copies of his e-mail messages to another e-mail address outside the company. He had not configured that setting.
E-mails were rerouted
It was later determined that three other Onyx executives also had copies of their e-mails rerouted without their permission.
An investigation was initiated by law enforcement after the executives determined that an intruder had not only rerouted copies of executives’ e-mails, but also accessed a proprietary company database that contained physician and client information. Of the information illegally accessed, 90 percent of the candidate physician profiles were for surgeons.
Investigators determined that the intruder disguised the true IP address. Follow-up determined that the intruder used a Qwest IP address affiliated with a private residence in Arvada, Colorado. Also used was an IP address located in Kremmling, Colorado.
That’s when the investigation began to target Blake Douglas Snowden, 44, a former sales employee at Onyx who primarily focused on recruitment and placement of surgeons until his employment was terminated on August 30, 2010.
In 2011 Snowden started to work for an affiliate of All Star Recruiting, a Florida-based physician recruiting company that competed with Onyx in the temporary placement of physicians.
Search warrant executed
On December 15, 2011, a search warrant was executed at Snowden’s Arvada residence. During the search, digital evidence, namely two laptops and removable storage media, was found.
Numerous Microsoft Word documents, e-mails and recorded conversations were found on the electronic media seized from the residence. The files found on the laptops revealed that the defendant had obtained passwords that enabled him to fully access the Onyx web-based software beginning in March 2011 through September 2011.
Further investigation into various e-mail accounts controlled by Snowden revealed that he had intercepted approximately 19,502 unique e-mail messages that had been sent to Onyx’s executives during that time period.
Snowden, no relation to the infamous Edward Snowden, was indicted by a grand jury in Denver on November 20, 2013. He pleaded guilty on May 28, 2014. He was sentenced to 30 months in prison on March 12, 2015. Snowden was also ordered to pay restitution of $25,354 to Onyx Healthcare, Inc.