IG: Mental Health - The Columbus Dispatch

State of Ohio
Office of the Inspector General
RANDALL J. MEYER, Inspector General
Report of
Investigation
AGENCY: OHIO DEPARTMENT OF MENTAL HEALTH
FILE ID NO.: 2011-176
DATE OF REPORT: JUNE 24, 2013
The Office of the Ohio Inspector General ...
The State Watchdog
“Safeguarding integrity in state government”
The Ohio Office of the Inspector General is authorized by state law to investigate alleged
wrongful acts or omissions committed by state officers or state employees involved in the
management and operation of state agencies. We at the Inspector General’s Office
recognize that the majority of state employees and public officials are hardworking,
honest, and trustworthy individuals. However, we also believe that the responsibilities of
this Office are critical in ensuring that state government and those doing or seeking to do
business with the State of Ohio act with the highest of standards. It is the commitment of
the Inspector General’s Office to fulfill its mission of safeguarding integrity in state
government. We strive to restore trust in government by conducting impartial
investigations in matters referred for investigation and offering objective conclusions
based upon those investigations.
Statutory authority for conducting such investigations is defined in Ohio Revised Code
§121.41 through 121.50. A Report of Investigation is issued based on the findings of the
Office, and copies are delivered to the Governor of Ohio and the director of the agency
subject to the investigation. At the discretion of the Inspector General, copies of the
report may also be forwarded to law enforcement agencies or other state agencies
responsible for investigating, auditing, reviewing, or evaluating the management and
operation of state agencies. The Report of Investigation by the Ohio Inspector General is
a public record under Ohio Revised Code §149.43 and related sections of Chapter 149.
It is available to the public for a fee that does not exceed the cost of reproducing and
delivering the report.
The Office of the Inspector General does not serve as an advocate for either the
complainant or the agency involved in a particular case. The role of the Office is to
ensure that the process of investigating state agencies is conducted completely, fairly, and
impartially. The Inspector General’s Office may or may not find wrongdoing associated
with a particular investigation. However, the Office always reserves the right to make
administrative recommendations for improving the operation of state government or
referring a matter to the appropriate agency for review.
The Inspector General’s Office remains dedicated to the principle that no public servant,
regardless of rank or position, is above the law, and the strength of our government is
built on the solid character of the individuals who hold the public trust.
Randall J. Meyer
Ohio Inspector General
REPORT OF INVESTIGATION
FILE ID NUMBER: 2011-176
SUBJECT NAME:
1) Brian Bollinger
2) Weldon Cartwright
3) Charles Combs
4) Scott Cooper
5) Scott Prater
6) Jeff Weese
POSITION:
Police Officer 2 (1, 4, 5)
Custodial Worker (3, 6-retired)
Psychiatric/MR Nurse (2)
AGENCY: Ohio Department of Mental Health
BASIS FOR INVESTIGATION: Agency Referral
ALLEGATIONS: Misuse or abuse of state property or equipment
INITIATED: September 28, 2011
DATE OF REPORT: June 24, 2013
INITIAL ALLEGATION AND COMPLAINT SUMMARY
On September 21, 2011, the Office of the Ohio Inspector General received a complaint from the
Ohio Department of Mental Health (ODMH) alleging six ODMH employees, Brian Bollinger,
Weldon Cartwright, Charles Combs, Scott Cooper, Scott Prater, and Jeff Weese were using state-issued computers “beyond the scope of consent and surfing non-work related websites containing
pornography.”[1] An investigation was opened by the Office of the Ohio Inspector General on
September 28, 2011. The Ohio State Highway Patrol (OSHP) assisted with the investigation by
helping to obtain several computers from the employees’ worksites and with a preliminary
analysis of the employees’ Internet activity.
BACKGROUND
Ohio Department of Mental Health
The Ohio Department of Mental Health (ODMH) is responsible for overseeing the state’s mental
health service system. ODMH operates six regional psychiatric hospitals throughout the state. The
department works with community-based organizations that are responsible for providing mental
health services. The director of ODMH acts as the chief executive officer of the agency and is
appointed by the governor and confirmed by the Ohio Senate. Funding for operation of the
department is provided through the state general revenue fund, federal funding, and payments
received from insurance companies for services provided.
Effective July 1, 2013, ODMH will merge operations with the Ohio Department of Alcohol and Drug
Addiction Services to become the Ohio Department of Mental Health and Addiction Services.2
Regional Psychiatric Hospitals
ODMH operates six regional psychiatric hospitals in the following Ohio cities:

Appalachian Behavioral Healthcare – Athens

Heartland Behavioral Healthcare – Massillon

Northcoast Behavioral Healthcare – Northfield and Cleveland[3]

Northwest Ohio Psychiatric Hospital – Toledo

Summit Behavioral Healthcare – Cincinnati

Twin Valley Behavioral Healthcare – Columbus

[1] The term “pornography” is used in this report when the Ohio Department of Mental Health used it in written
memorandums or reports. Otherwise, the term “sexually explicit material” is used as that is the term ODMH uses in
their policy given to employees.
[2] Source: Biennial budget documents
[3] Northcoast Behavioral Healthcare’s Cleveland facility has since been closed.
Ohio Revised Code §5119.14, Appointing special police officers for institutions, states the
managing officer of an ODMH institution may designate employees to be special police officers
of the department. These police officers must successfully complete a basic training program
approved by the Ohio Peace Officer Training Commission and be certified by the commission.
The officers are “subject to the rules of the department, shall protect the property of the
institutions and the persons and property of patients in the institutions, suppress riots,
disturbances and breaches of the peace, and enforce the laws of the state and the rules of the
department for the preservation of good order.”
Applicable Policies Reviewed During the Investigation
ODMH policy AI-78, Use of Internet, E-mail and other IT Resources, was directed to all ODMH
employees and was effective as of October 14, 2008. Section E.4., Unacceptable use, states any
use of IT resources that has the appearance of impropriety is strictly prohibited. Specific uses
that are strictly prohibited in the policy and relating to this investigation included the following:

Accessing or participating in any type of personal ads or services, such as or similar to
dating services, matchmaking services, companion-finding services, pen pal services,
escort services, or personals ads.

Downloading, displaying, transmitting, duplicating, storing, or printing sexually explicit
material.

Any use of state-provided IT resources to operate, participate in, or contribute to an
online community, including, but not limited to, online forums, chat rooms, listserv,
blogs, wikis, peer-to-peer file sharing, and social networks ... unless organized or
approved in writing by the CEO or Central Office administrator.
The IT resources policy also states the installation and use of unlicensed software is strictly
prohibited, and only the ODMH Office of Information Services or designated information
technology staffs are permitted to install software on ODMH computers.
ODMH policy AI-53, Password and Personal Identification Number Security, was directed to all
ODMH employees and was effective as of October 14, 2008. The policy specifies the minimum
requirements for the creation and use of passwords by employees. The policy states “passwords
are selected or assigned to individual users. Shared passwords are not permitted. Users are
responsible for actions taken using their passwords, and should not share or divulge their
passwords to anyone, including system administrators, managers, or other staff members who
may ask.”
INVESTIGATIVE SUMMARY
On September 21, 2011, the Ohio Department of Mental Health referred a complaint to the
Office of the Ohio Inspector General regarding allegations of improper use of state-issued
computers by six employees: Brian Bollinger (Police Officer 2), Weldon Cartwright (Psychiatric
Nurse), Charles Combs (Custodial Worker), Scott Cooper (Police Officer 2), Scott Prater (Police
Officer 2) and Jeff Weese (Custodial Worker). According to the ODMH referral memorandum
addressed to the Office of the Ohio Inspector General, the department first identified the alleged
prohibited Internet activity in November 2010 through Internet monitoring security reports
generated by an ODMH network-based computer software which monitors employees’ Internet
activity. These reports identified select sites visited by and associated with each employee’s user
profile,[4] and defined numerous sites as falling within the ODMH classification defined as
“pornography.” A detailed Internet monitoring security report was generated by ODMH listing
each site visited through the user profiles associated with each of the employees.
ODMH Security Consultant Nacrina Alvarez de Blanco was assigned to collect additional
information regarding the allegations and instructed Information Security Officer Bruce Orr and
Northcoast Behavioral Healthcare Chief of Police James Wuliger to review the report. ODMH
continued to monitor the employees’ Internet activity, and additional information was gathered
by Orr and Wuliger.
[4] A user profile is a unique user identification or name assigned to each ODMH employee that, in accordance with
ODMH policy, must be used when logging on to access an ODMH computer. The user names are the employee’s
last name and first initial of their first name.
When providing the security reports to the Office of the Ohio Inspector General, ODMH stated
the reports generated show categories of the type of site visited, such as search engine, games,
educational websites, or “other.” The reports also classify each site visited as acceptable,
unacceptable, or neutral, depending on pre-selected criteria to reflect the agency’s policies on
acceptable use of the Internet. For example, an acceptable site might be a search engine, a
government website, or legal website. Unacceptable sites were established based on ODMH
policy AI-78 and included, but were not limited to, the following categories ODMH defined as:
“web email, chat/instant messaging, travel, vehicles, TV/video streaming, social networking, and
pornography.” Sites found in the category “other,” required further direct analysis and scrutiny
in order to be reclassified as acceptable, unacceptable, or neutral. In addition, the report
provided by ODMH included a review of the key words used in the search engine sites where a
user had entered sexually explicit terms.
The Office of the Ohio Inspector General compiled the information from the ODMH Internet
monitoring security reports between August 2010 and December 2010. The following table
shows the number of sites visited by the user name assigned to the employee, and the number of
visits to the sites, sorted by ODMH website classification:
Classifications and Number of Hits by Employees Under Investigation
Employee     Acceptable   Unacceptable   Neutral   Total   Pornography[5]
Bollinger    3,701        1,084          67        4,852   295
Weese        2,170        3,312          505       5,987   292
Prater       1,949        669            223       2,841   223
Cooper       1,987        626            209       2,822   184
Combs        699          218            12        929     109
Cartwright   449          133            26        608     46
Given the limitations of the ODMH security reports, the Office of the Ohio Inspector General, in
conjunction with the Ohio State Highway Patrol, decided to perform a more detailed analysis of
the computers used by the six employees. As a result, 12 computers were obtained on October
20, 2011, at the following locations:

Heartland Behavioral Healthcare – two in Massillon

Northcoast Behavioral Healthcare – three in Northfield and three in Cleveland

Northwest Ohio Psychiatric Hospital – four in Toledo

[5] As defined and classified by the Ohio Department of Mental Health.
Additionally, one computer located at Appalachian Behavioral Healthcare in Athens and three
computers at Twin Valley Behavioral Healthcare in Columbus were obtained by ODMH on
October 6, 2011, and moved to a secure location until retrieved by OSHP. These computers
were later identified as being used by Combs and Cartwright.
The OSHP computer forensic unit began with an initial review of the computers to ensure that
images, videos, or websites viewed did not contain underage individuals. When it was
determined by OSHP there were no such items on the computers, 10 computers associated with
Bollinger, Cooper and Prater’s user names were turned over to the Office of the Ohio Inspector
General on July 9, 2012, for further analysis. These employee user profiles were selected based
on the number of times sites classified by ODMH as “pornography” were identified on the
ODMH Internet monitoring security reports. Weese retired on December 1, 2011, and no
analysis was performed to review his usage. Of the 10 computers analyzed, one did not contain
user profiles for Bollinger, Cooper, or Prater, and another had a damaged hard drive and was
inaccessible. For the eight remaining computers, the Office of the Ohio Inspector General
focused on four areas in reviewing the records found in each computer to determine if sexually
explicit websites, images, or videos were viewed or downloaded in violation of ODMH Policy
AI-78, Use of Internet, E-mail and other IT Resources, and Section E.4.
Typed Uniform Resource Locator (URL) Information
ODMH employees access the Internet by using the Microsoft Windows Internet Explorer
application. Typed URLs are entries made by the user in the Internet Explorer’s[6] address bar and
are manually typed by the user to identify a unique website the user would like to access. When
pressing “enter” to access the website, the Microsoft Windows operating system registry also
records the address. URL entry history is stored under a user’s profile in the registry and can be
reviewed at a later time.
[6] Internet Explorer is Microsoft Corporation software used to access the Internet.
Cookies
A cookie is a small piece of data associated with a user profile received from a website and
stored in a user’s web browser while the user is accessing a website. When the user accesses the
same website in the future, the data stored in the cookie can be retrieved by the website to allow
review of the user’s previous activity. Cookies are actual files and are saved to a folder under a
user’s profile. Internet Explorer also maintains a separate database file that lists cookies
associated with a user profile.
Temporary Internet Files
Internet Explorer uses a temporary file to store copies of website content on a computer’s hard
drive. The feature is used to improve network performance and in the process leaves data on a
user’s computer. A user can delete information contained in the folder through Internet Explorer
or manually. Similar to cookies, Internet Explorer maintains a separate database list of all
temporary files associated with a user profile.
Cache Internet Files
A web cache is a mechanism for the temporary storage, or caching, of web documents. Internet
Explorer maintains a separate database for cached files that can be used as another source of
Internet history.
The Office of the Ohio Inspector General also reviewed files that had been downloaded and
saved to the computer hard drives and any time the user attempted to delete them.
In addition, a review of the computers found anti-forensic software had been downloaded to
computers containing user profiles for Bollinger and Cooper. These software programs gave the
user the ability to “clean” the computer and delete information from the typed URL information,
cookie, temporary Internet, and cached Internet files.
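The typed-URL source described above can be read back from a registry export. The following is an added example, not part of the Inspector General's report or the tooling it used. It assumes a regedit text export (Version 5.00 format) of the user hives; the key path Software\Microsoft\Internet Explorer\TypedURLs and its url1, url2, ... values are Internet Explorer's standard location, while the SIDs and URLs in the sample are constructed.

```python
"""Read Internet Explorer typed-URL history out of a regedit text export."""
import re

# Standard per-user location of IE's address-bar history (compared lower-case).
TYPED_URLS_SUFFIX = r"\software\microsoft\internet explorer\typedurls"

_KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
# "name"="data", where either side may contain \\ or \" escapes.
_VALUE_RE = re.compile(
    r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$'
)
_SLOT_RE = re.compile(r"url(\d+)", re.IGNORECASE)


def load_reg_export(path):
    """regedit's Version 5.00 exports are UTF-16 with a BOM, not UTF-8."""
    with open(path, encoding="utf-16") as handle:
        return handle.read()


def _unescape(text):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", text)


def parse_typed_urls(reg_text):
    """Return {registry key path: [url1, url2, ...]} for every TypedURLs key.

    The key path carries the hive or SID, so each list stays tied to one
    user profile. url1 is the most recently typed entry.
    """
    found = {}
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key_match = _KEY_RE.match(line)
        if key_match:
            key = key_match.group("key")
            if key.lower().endswith(TYPED_URLS_SUFFIX):
                current = found.setdefault(key, {})
            else:
                current = None
            continue
        if current is None:
            continue
        value_match = _VALUE_RE.match(line)
        if not value_match:
            continue
        slot = _SLOT_RE.fullmatch(_unescape(value_match.group("name")))
        if slot:
            current[int(slot.group(1))] = _unescape(value_match.group("data"))
    # Sort numerically: a plain string sort would place url10 before url2.
    return {key: [slots[i] for i in sorted(slots)] for key, slots in found.items()}


def empty_profiles(parsed):
    """Keys that exist but hold no url values.

    An empty key shows only that no typed-URL history remains. It cannot
    show whether a cleaning program or the user removed it.
    """
    return sorted(key for key, urls in parsed.items() if not urls)


# Constructed sample export: placeholder SIDs and example domains only.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-EXAMPLE-1001\Software\Microsoft\Internet Explorer\TypedURLs]
"url1"="http://intranet.example.org/reports"
"url2"="http://www.example.com/search?q=\"shift schedule\""
"url10"="http://mail.example.net/"

[HKEY_USERS\S-1-5-21-EXAMPLE-1002\Software\Microsoft\Internet Explorer\TypedURLs]

[HKEY_USERS\S-1-5-21-EXAMPLE-1002\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.example.com/"
'''

if __name__ == "__main__":
    parsed = parse_typed_urls(SAMPLE_EXPORT)
    for key, urls in parsed.items():
        print(key)
        for position, url in enumerate(urls, start=1):
            print(f"  {position:>2}  {url}")
    print("No typed-URL entries:", empty_profiles(parsed))
```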
Brian Bollinger
Three of the four computers obtained from Northwest Ohio Psychiatric Hospital in Toledo and
analyzed by the Office of the Ohio Inspector General contained Bollinger’s user profile.
Bollinger’s profile showed continual use of anti-forensic software programs on two of the
computers. On one computer, one program was executed more than 1,900 times and appeared to
have been set to run automatically once a day.
The following is the information the Office of the Ohio Inspector General was able to obtain
from the analysis of Bollinger’s user profile on three computers:

Typed URL Information – No information was obtained from any of the computers. The
analysis was unable to determine if the anti-forensic programs or the user deleted the
URL history.

Cookies – On one computer, it appeared the cookies were recently deleted. However, the
files were recovered. On the other two computers, the cookie folder was empty and the
backup database file had been corrupted or cleared.

Temporary Internet Files – Information from two computers was recovered through the
temporary Internet file folder or the backup database file. One computer contained no
folders or files. The information recovered contained website addresses that were later
analyzed.

Cache Internet Files – All three computers contained a fully intact cache file providing a
record of Internet activity associated with Bollinger’s user profile, and allowing the
website addresses in the cache file to be further analyzed.
From the recovered files, the analysis determined four instances of Bollinger accessing sexually
explicit material saved as cookies, and one image that had been deleted. The information
remaining from the deleted file contained Bollinger’s user profile. A review of the website
addresses from the cache file associated with Bollinger’s user profile showed that the user:

Viewed a website with free online communities where members can share discussions,
pictures, and reviews. From the website address information, the Office of the Ohio
Inspector General was able to determine Bollinger’s user profile accessed approximately
30 different community forums related to sexually explicit material.

Viewed websites for adults to meet for casual sex. The sites require participants to pay
for a monthly subscription fee but offer limited free accounts or trials. The analysis
determined an individual logged into a subscription account under Bollinger’s user
profile.

Accessed 14 sexually explicit videos from a website claiming to have “the best bisexual
porn movies.”
Given the numerous occasions in which the anti-forensic software was used, the Office of the
Ohio Inspector General was unable to determine the full list of sites potentially visited under
Bollinger’s user profile.
On December 4, 2012, the Office of the Ohio Inspector General interviewed ODMH Police
Officer Brian Bollinger. When asked to explain how the log-in process works on the computers
at ODMH, Bollinger stated everyone has a user name and password that is used to log-on to a
computer. The officers have access to any computer in the facility, but the officers primarily use
three computers in the squad room. Bollinger also said, “most of the guys in the office know
each other’s passwords.” When asked if he had given his password to anyone, he said “there
was (sic) a couple of guys that knew it.”
Bollinger explained it was possible for someone else to use a computer after an individual signed
on and later left the office for a period of time. When asked if the system logged an employee
off the computer if it was inactive for any length of time, Bollinger replied, “I think so. Now I
don’t know what the timeframe is though.”
Bollinger was then asked if he knew about the anti-forensic software installed on the computers
in the squad room. Bollinger stated Lee Lawrence, a retired officer who served as their
lieutenant for a period of time, had downloaded the anti-forensic software to the computers, but
Bollinger did not know why. Bollinger believed Kevin Marshall, the information service officer
for the Northcoast Behavioral Healthcare facility, may have given Lawrence permission to
download the anti-forensic software program. When asked if Bollinger knew the purpose of the
software, Bollinger said Lawrence explained to him “it’s supposed to delete your browsing
history.” Bollinger also said the anti-forensic software program was run “at the end of our shift
all the time.”
The Office of the Ohio Inspector General provided Bollinger a list of the websites visited under
Bollinger’s user profile from the ODMH security reports. Bollinger stated he knew about the
adult dating website, but denied accessing it on the computer he used at work. Other sites listed
on the ODMH report were classified as unacceptable under ODMH policies, such as
TicketMaster and personal email accounts. Bollinger admitted accessing those sites, saying he
would check his personal email accounts as outside agencies would email items to him on that
account.
When asked if he “… surfed, looked at, accessed adult oriented material during the course of
your duty day on a state computer in this facility,” Bollinger replied, “… probably at some point,
yes.” Bollinger stated further that he “probably” saw others accessing the material, including
Lawrence and Cooper. Bollinger also stated no one had ever told the unit’s personnel to stop
accessing restricted sites, and when trying to access some websites, the sites came up as
restricted. Bollinger went on to say, “… but there’s some we can get into.”
On January 22, 2013, the Office of the Ohio Inspector General contacted Lee Lawrence by
telephone. Lawrence twice stated he did not remember if he visited “explicit adult” websites.
Lawrence commented that it was easy for others to place the blame on him since he was retired.
Lawrence further stated he and the other officers at the facility knew that Cooper and Bollinger
kept their passwords in their desk drawers. When asked about Bollinger’s comments regarding
Lawrence downloading the anti-forensic software on the ODMH computers, Lawrence stated
that Marshall allowed him to “… put it on because the computers were slow.” Lawrence also
instructed the other officers on how to use the software, but he “… never issued a directive for
the police officers to run the software at the end of each shift.” Lawrence denied the software
would allow anyone to hide anything, as the Internet usage would have been captured by the
ODMH server in the central office.
On January 18 and February 12, 2013, the Office of the Ohio Inspector General contacted
Northcoast Behavioral Healthcare Information Service Officer Kevin Marshall by telephone.
Marshall stated he utilized the anti-forensic software on the computers at Northwest Ohio
Psychiatric Hospital after a computer virus had been detected on the computers. Marshall stated
he had not used the software in more than a year. Marshall denied telling anyone to download or
install the software on any of the computers or to run the program at the end of each shift.
Marshall was also not aware the officers were exchanging password information and stated it
was prohibited by both ODMH and state policy. Marshall added that he thought the Toledo
office was more relaxed about the policy prohibiting the exchange of passwords, but thought the
police officers would be “more strict” when it came to security issues. When asked if the
computers automatically log-off after several minutes of inactivity, Marshall stated the
computers would “lock” a user from using the computer after 15 minutes of inactivity. The user
would then need to enter his or her password to “un-lock” the computer. The user profile would
not be logged-off unless the user selected “log-off” from the main Windows menu, or the user
shut down the computer. When the computer is “locked” it remains on the user profile and only
a password is needed to “un-lock” the computer.
Scott Cooper
All four computers obtained from Northwest Ohio Psychiatric Hospital in Toledo and analyzed
by the Office of the Ohio Inspector General contained Cooper’s user profile, including one
computer located in Cooper’s office. Cooper’s profile also showed use of anti-forensic software
programs on all of the computers.
The following is the information the Office of the Ohio Inspector General was able to obtain
from the analysis of Cooper’s user profile on the four computers:

Typed URL Information – Information was obtained from one of the four computers,
specifically, only two entries. The analysis was unable to determine if the anti-forensic
software programs or the user deleted the information.

Cookies – On two computers, it appeared the cookies were recently deleted. However,
the files were recovered. On the other two computers, the folder was empty but the
information was able to be recovered from the backup database file.

Temporary Internet Files – Information from all four computers was deleted from the
temporary Internet file folder. However, information from the backup database on two of
the four computers was recovered.

Cache Internet Files – All four computers contained a fully intact cache file and
contained Internet activity associated with Cooper’s user profile.
From the recovered files, an analysis determined approximately 35 unique cookies related to
sexually explicit images were present and associated with Cooper’s user profile. A review of the
website addresses accessed with Cooper’s user profile found:

A website had been viewed with free online communities where members can share
discussions, pictures and reviews. From the website address information, the Office of
the Ohio Inspector General determined approximately 16 different community forums
related to sexually explicit material were accessed.

Sexually explicit words or sexually explicit phrases had been entered into website search
engines to locate sexually explicit images.

Multiple sexually explicit websites had been accessed, including a website billing itself
as “an Internet-based hardcore pornography production company.”
The Office of the Ohio Inspector General was also able to locate approximately 126 sexually
explicit images on the hard drive of the computer located in Cooper’s office. These images had
previously been deleted, but the information contained in the file’s data associated them with
Cooper’s user profile.
On December 4, 2012, the Office of the Ohio Inspector General interviewed Cooper at
Northwest Ohio Psychiatric Hospital. Cooper admitted giving out his password to OSHP[7] in
case it was needed, but Cooper also said he did not directly give his password to his co-workers.
Cooper later stated if anyone was nearby when he provided his password to OSHP, they may
have overheard his conversation. Cooper also admitted to writing down his passwords on a note
card.
[7] All alleged criminal matters occurring on ODMH property must be referred to OSHP. After the assessment of the
complaint, OSHP may pursue an investigation or defer to the ODMH police officers for further investigation. This
would require OSHP to have access to ODMH computer system to obtain information needed in the course of an
investigation.
When asked about the anti-forensic software installed on his computer, Cooper stated Lawrence
had downloaded anti-forensic software on the computer Cooper used, and Cooper knew the anti-forensic software was used to clean Internet history from the computer. Cooper also stated
Lawrence instructed the staff to run the software program at the beginning or end of each shift.
The Office of the Ohio Inspector General provided to Cooper a list of the websites visited under
Cooper’s user profile from the ODMH security reports. Cooper admitted to accessing sites
classified as inappropriate under ODMH policy, such as personal email accounts and shopping
websites, and to playing games on his “downtime.” Cooper also admitted to visiting websites related
to motorcycles or motorcycle clubs, and some of the images may have included topless women.
Cooper also admitted to visiting websites that had images of crime scene photos but stated he
had “… no reason to go to a porn site to look at porn.” Cooper stated he knew some websites
were restricted by ODMH and if access was attempted, a message would appear stating the
website was restricted. When asked what his definition of “porn” was, he replied that he did not
think images of topless women necessarily qualified.
Scott Prater
Six computers were obtained from Northcoast Behavioral Healthcare in Northfield and
Cleveland. Four of the computers contained Prater’s user profile. None of the computers
analyzed utilized anti-forensic software. The following is the information the Office of the Ohio
Inspector General was able to obtain from the analysis of Prater’s user profile on the four
computers:

Typed URL Information – Information was obtained from three of the four computers.

Temporary Internet Files – Information from all four computers was recovered from the
backup database.
A review of the website addresses accessed with Prater’s user profile found:

A blog was visited listing other websites displaying sexually explicit images and videos.
URL history provided information indicating specific page information was typed into
the URL address box, and access to the websites was not just achieved by browsing and
clicking on hyperlinked websites in the blog. In total, there were approximately 30
instances in which the typed URL history for this blog showed access to sexually explicit
material.

Approximately 90 other unique blogs were accessed containing websites linked to
sexually explicit material.

The names of specific celebrities were searched who were shown in sexually explicit
images or videos, sexually explicit phrases, or sexually explicit websites within a search
engine. Also, the search engine’s image feature was used to access sexually explicit
images.

Websites that contained pay-to-view sexually explicit videos were visited.
Additionally, the Office of the Ohio Inspector General was able to locate approximately 2,600
sexually explicit images and fragments of sexually explicit videos on the hard drive of two
computers associated with Prater’s user profile. Some of these images had previously been
deleted, but the information contained in each image file’s data connected the file to Prater’s user
profile.
On December 12, 2012, the Office of the Ohio Inspector General interviewed Prater at
Northcoast Behavioral Healthcare. At the beginning of the interview, Prater volunteered that he
“… looked at some sites that I probably shouldn’t have looked at …” and classified them as non-work related. Prater provided examples such as looking at music videos or listening to music.
Prater also admitted to knowing how to use a search engine to by-pass any ODMH restrictions
and view images. The Office of the Ohio Inspector General presented to Prater a copy of the
ODMH security logs detailing all the websites that were in question. When asked if he wished to
elaborate more on his activities, Prater responded “not really.” Prater was also asked if he could
recall the last time he had inappropriately used a state-issued computer, to which Prater
responded, “I would prefer not to answer that, if I might.” At the conclusion of the interview,
Prater said, “I’m embarrassed,” and “I know, it was stupid.”
Weldon Cartwright and Charles Combs
On January 8, 2013, Weldon Cartwright was interviewed by the Office of the Ohio Inspector
General regarding the information contained in the ODMH security reports showing
Cartwright’s user profile associated with viewing sexually explicit websites. During the
interview, Cartwright admitted to visiting sexually explicit websites and other non-work related
sites, including travel or social networking sites. Cartwright stated he would go to the explicit
websites once or twice a week for an hour at a time, and admitted the last time he visited a
sexually explicit website was during his current work shift. Cartwright also stated he would
delete the Internet history from the computer.
Charles Combs was interviewed by the Office of the Ohio Inspector General on January 9, 2013.
Combs denied visiting sexually explicit websites, but admitted to visiting so-called “shock sites.”
These sites, as defined by urbandictionary.com, are websites intended to be offensive or
disturbing to viewers, containing material of high shock value that is also considered distasteful
and is generally of a pornographic or extremely violent nature. Combs was unaware the sites
would be classified as “pornography” on the security report, and stated he believed the websites
were not restricted by ODMH’s security system. Combs also admitted to watching movies on
his state-issued computer but said they were on a DVD and not downloaded from the Internet.
CONCLUSION
The Office of the Ohio Inspector General was able to establish, through the analysis of
computers obtained from Heartland Behavioral Healthcare, Northcoast Behavioral Healthcare,
and Northwest Ohio Psychiatric Hospital, that sexually explicit websites, images, and videos had
been viewed or downloaded, and found evidence the actions were taken by individuals
employing user profiles belonging to Brian Bollinger, Scott Cooper, and Scott Prater. While all
admitted to viewing inappropriate websites in violation of the Ohio Department of Mental Health
policies, none expressly admitted to viewing sexually explicit material.
Both Bollinger and Cooper said other employees knew their passwords, and implied someone
else could have used their user profiles to access the sites. However, the analysis showed this
was not a plausible explanation because whoever was employing the user profiles attributed to
Bollinger and Cooper to access the sexually explicit websites also accessed non-work related
sites such as personal email accounts, shopping sites, and other websites that required a personal
user name and password to log in. Access to these sites was in close sequence to, before,
between, or after the instances when sexually explicit sites were viewed. In order for anyone
else to use either Bollinger’s or Cooper’s user profile to access the sexually explicit websites,
the individual would not only need to have Bollinger’s and Cooper’s ODMH passwords, but also
have knowledge of Bollinger’s and Cooper’s personal user names and passwords for all the other
websites requiring a log-on procedure.
Computers containing Bollinger’s and Cooper’s user profiles also showed the use of anti-forensic
software to clear the Internet history and temporary files. Both stated the software was
downloaded by an employee, Lee Lawrence, who had since retired. Both also alleged Lawrence
viewed sexually explicit websites and implied he may have logged in under their user profiles.
When contacted by the Office of the Ohio Inspector General, Lawrence admitted to downloading
the software, but stated he was instructed to do so by Kevin Marshall. Lawrence did not
remember viewing inappropriate sites on his work computer.
When contacted by the Office of the Ohio Inspector General, Marshall stated he had used the
anti-forensic software to “clean” the machines after a virus was detected on the computers.
However, Marshall denied instructing Lawrence to download the software on the computers and
informing employees they were to use the software every day.
Finally, Weldon Cartwright admitted to viewing sexually explicit material once or twice a week
for an hour at a time during his work shift. Charles Combs also admitted to viewing
inappropriate websites but denied they were sexually explicit in nature.
The following is a summary of the findings related to this investigation:
Chart of Wrongful Acts or Omissions by ODMH Employees

| Employee | Applicable Policy | Accordingly, there is reasonable cause to believe… |
|---|---|---|
| Brian Bollinger | ODMH Policy AI-78, Use of Internet, E-mail and other IT Resources - accessing prohibited websites | A wrongful act or omission occurred |
| Brian Bollinger | ODMH Policy AI-78, Use of Internet, E-mail and other IT Resources – installing unapproved software | A wrongful act or omission occurred |
| Brian Bollinger | ODMH Policy AI-53, Password and Personal Identification Number Security – providing password to other employees | A wrongful act or omission occurred |
| Scott Cooper | ODMH Policy AI-78, Use of Internet, E-mail and other IT Resources - accessing prohibited websites | A wrongful act or omission occurred |
| Scott Cooper | ODMH Policy AI-78, Use of Internet, E-mail and other IT Resources – installing unapproved software | A wrongful act or omission occurred |
| Scott Cooper | ODMH Policy AI-53, Password and Personal Identification Number Security – providing password to other employees | A wrongful act or omission occurred |
| Scott Prater | ODMH Policy AI-78, Use of Internet, E-mail and other IT Resources - accessing prohibited websites | A wrongful act or omission occurred |
| Weldon Cartwright | ODMH Policy AI-78, Use of Internet, E-mail and other IT Resources - accessing prohibited websites | A wrongful act or omission occurred |
| Charles Combs | ODMH Policy AI-78, Use of Internet, E-mail and other IT Resources - accessing prohibited websites | A wrongful act or omission occurred |
RECOMMENDATION(S)
The Office of the Ohio Inspector General makes the following recommendations and asks the
Ohio Department of Mental Health to respond within 60 days with a plan detailing how the
recommendations will be implemented. The Ohio Department of Mental Health should:
1) Review the actions of the employees listed in this report and consider whether
administrative action is in order.
2) Consider further restrictions on the Internet access currently granted to the staff employed
by ODMH.
3) Review the applicable Internet and password policies with all the employees.
4) Consider developing and implementing a procedure granting temporary log-in and
password access when investigatory agencies require access to the ODMH computer
system relative to an official investigation.
5) Consider implementing software to monitor and block computer activity in addition to
conducting regular reviews of network activity logs.
State of Ohio
Office of the Inspector General
RANDALL J. MEYER, Inspector General
NAME OF REPORT: Ohio Department of Mental Health
FILE ID #: 2011-176
KEEPER OF RECORDS CERTIFICATION
This is a true and correct copy of the report which is required to be prepared
by the Office of the Ohio Inspector General pursuant to Section 121.42 of the
Ohio Revised Code.
Jill Jones
KEEPER OF RECORDS
CERTIFIED
June 24, 2013
Rhodes State Office Tower ◊ 30 East Broad Street – Suite 2940 ◊ Columbus, Ohio 43215-3414
Phone: 614-644-9110 ◊ FAX: 614-644-9504 ◊ Toll Free: 800-686-1525
The Ohio Inspector General is on the World Wide Web at www.watchdog.ohio.gov