There is a price tag on misused credentials. This week, as Rachel King at the Wall Street Journal reports, Tata Consultancy Services’ (TCS) bill came out to $940 million. An employee at TCS was found to have used credentials from a previous contracting job at Kaiser to access more than 6,000 confidential files on Epic System’s web portal. Prior to TCS, the employee worked on an Epic-related project for Kaiser. Kaiser administrators failed to completely de-provision the employee upon contract termination. Moreover, at TCS, the employee shared credentials with colleagues at TCS, amplifying the exposure. A U.S. federal jury ruled in favor of Epic Systems and slapped a fine on TCS equivalent to nearly half of Epic Systems’ annual revenue. The real kicker here is that the lawsuit, fine, and the loss of sensitive information was preventable. Epic and Kaiser could have prevented the unauthorized access entirely by automating.