Theranos destroyed crucial subpoenaed SQL blood test database, can't unlock backups, prosecutors say

CEO Holmes also accused of funding extravagant lifestyle through fraud


Failed blood-testing unicorn Theranos trashed vital incriminating evidence of its fraud, prosecutors said on Monday.

The imploded startup's extensive testing data over three years, including its accuracy and failure rate, was “stored on a specially-developed SQL database called the Laboratory Information System (LIS),” according to a filing [PDF] in the fraud case against Theranos's one-time CEO Elizabeth Holmes and COO Sunny Balwani.

The database “even flagged blood test results that might require immediate medical attention, and communicated this to the patient’s physician,” we're told.

Theranos claimed to have perfected technology that would allow industry standard blood tests to be run at great speed and with just a drop of blood, revolutionizing the health industry, and causing the business to be valued at $10bn.

The reality, however, was that for one set of tests, the failure rate was 51.3 per cent. What does that mean? Prosecutors explain: “In other words, Theranos’s TT3 blood test results were so inaccurate, it was essentially a coin toss whether the patient was getting the right result. The data was devastating.”

So devastating that the database was subpoenaed by a grand jury digging into fraud claims against Holmes and Balwani. But when investigators turned to take a copy of the database, guess what?

From the filing: “On or about August 31, 2018 - three months after a federal grand jury issued a subpoena requesting a working copy of this database - the LIS was destroyed. The government has never been provided with the complete records contained in the LIS, nor been given the tools, which were available within the database, to search for such critical evidence as all Theranos blood tests with validation errors. The data disappeared.”

High maintenance

It actually gets worse: Theranos hired a third party called IncRev Corp to run the database and paid it a handsome $10m over seven years to do so. It just so happened that IncRev’s CEO is an old friend of Balwani: Shekar Chandrasekaran. Even when Theranos went through massive cost-cutting in 2017 and stopped adding any new information to the database, IncRev was still paid $159,000 a month to maintain it – good work if you can get it.

When a grand jury issued a subpoena for the database, Theranos’s lawyer came up with a strategy to supply the info without exposing the company’s appalling test results: hand over a backup of the database to the government and fail to provide the necessary materials to reconstruct it.

How do we know this? Because prosecutors said they have the internal emails showing staff discussing exactly that: how the backup wouldn’t come with the “layers of applications and data.” Its VP of Operations emailed an internal lawyer: “If we are just handing over a database, I’m not sure it will meet the needs.”

If that wasn’t enough, all three versions of the backup provided to the US government came with a password that was necessary to open it up. And no one was able to remember it, at least according to the various internal emails flying around. After some discussion, it was agreed that Theranos’s former head of IT, Antti Korhonen, was the only one with the password. But then Korhonen wasn’t able to find it either.

Unable to get at the database, Uncle Sam put an expert on the case: “The government retained a computer forensic expert to assist in retrieving this data, who found that the ‘key’ file on the hard drive, required to reconfigure the SQL database, is itself encrypted by a distinct password (not the one provided with the transmittal letter to open the hard drive), and cannot be opened.”

While all this was going on, Theranos decided to shut down the facility that housed the database in Newark, New Jersey. Theranos IT contractor Michael Chung warned execs that if the hardware and servers were taken apart “it would be almost impossible to recreate the database.” But they shut it down anyway, and any access to the database from that point was lost – both for Theranos and government investigators.

Oops?

Uncle Sam's legal eagles are not convinced this was an innocent mistake. Referring to IncRev’s CEO, they note: “Even though Chandrasekaran knew the LIS hardware would be coming apart on Friday, August 31, 2018, and even though he was on an email chain in which the ‘all clear’ was given to take apart the hardware, he waited until two days later, September 2, 2018, to email a senior Theranos official with a list of items he would need from the database in order to reconstruct the LIS.

“The Theranos official forwarded the request to Chung, who pointed out that the database had been ‘torn down’ on Friday. Chandrasekaran followed up several times, and referenced Variam’s June 6 email with the information on the ‘password for restore.’ The government anticipates that Chung will testify that he had no idea what Chandrasekaran’s role was during this time, but he was not under the impression that Chandrasekaran was trying to obtain a working copy of the LIS database.”

Its conclusion? “It does not appear from the timing of Chandrasekaran’s requests that he, in fact, intended to successfully copy the database before it shutdown.”

There is plenty of other evidence that, despite Theranos’s repeated claims, its machines were so inaccurate that they were fundamentally worthless. But the database would have provided clear proof that the company had to be aware that its entire testing system was fundamentally flawed, which itself supports the argument that the startup knowingly misled investors. While lying in press releases and interviews is reprehensible, it’s not necessarily a crime. However, lying in presentations to people in order to pull in investment is.

The failure to retain a working copy of a database that the company had paid millions to build and maintain, and which contained critically important information for the functioning of the business, is, let’s say, suspicious. Sufficiently suspicious that prosecutors wrote an entire filing about it.

Profligate

In addition to that, prosecutors have also been digging into Holmes’ behavior around the same time, and revealed in a separate filing that she was funding an extravagant lifestyle including “travel on private jets, stays in luxury hotels, and access to multiple assistants” through company money.

"Although Defendant's assistant was an employee of the company, she handled a range of non-business tasks for Defendant, including personal clothes and jewelry shopping, home decorating, food and grocery buying, and other items," prosecutors said.

Other filings reveal that Holmes would often personally handle complaints about how inaccurate its tests appeared to be, something that prosecutors say is evidence that the CEO knew that its testing machines didn’t work while at the same time continuing to claim the opposite in public.

Holmes and Balwani face a dozen criminal wire fraud charges apiece, and up to 20 years in prison if found guilty. ®
