Medco Sys Admin Pleads Guilty To Computer Sabotage - InformationWeek
IoT
IoT
Software // Enterprise Applications
News
9/19/2007
03:55 PM
50%
50%
RELATED EVENTS
Using Threat Data to Improve Your Cyber Defense
Aug 10, 2017
Attend this webinar to learn how you can determine which threats pose the greatest danger to your ...Read More>>

Medco Sys Admin Pleads Guilty To Computer Sabotage

New Jersey man tells the court he planted the logic bomb on the prescription manager's network when he suspected he was going to be laid off.

A former systems administrator at Medco Health Solutions pleaded guilty in federal court Wednesday to writing and planting malicious code that could have crippled a network that maintains customer health care information.

Yung-Hsun Lin, of Montville, N.J., pleaded guilty in U.S. District Court in Newark, N.J. to the charge of transmitting code that would cause damage to a protected computer. The charge carries a maximum sentence of 10 years, but the plea deal sets a guideline of 30 to 37 months. The judge, who will levy the sentence on Jan. 8, is not bound to the guidelines.

"Had this gone off, the damage to Medco's reputation could have been catastrophic," Assistant U.S. Attorney Erez Liebermann told InformationWeek. "I look at this as one of the most significant [computer sabotage] cases because it could have done more than financial damage."

Lin admitted to creating and planting the malicious code, or logic bomb, on Medco's computer network because he feared he would lose his job in an expected round of layoffs. Another systems administrator at the company, however, foiled his plan when he discovered the logic bomb before it went off.

If it had been detonated, prosecutors say the code would have eliminated pharmacists' ability to know if a new prescription would dangerously interact with a patient's current prescriptions. They also say it would have caused widespread financial damages to the company. Even though it didn't go off, Medco reported that it cost them between $70,000 and $120,000 to clean up the problem.

"What this individual did was severely threaten a critical infrastructure -- healthcare," said Liebermann. "The only way to make sure all the drugs you've received don't conflict is to have something like Medco doing an across-the-board check. ... This could have led to the damage of people trying to get their prescriptions filled. It's a new level of risk. It's not just a financial crime. It could have damaged life and limb. It shows the impact of cyber crime."

Lin, who is known as Andy Lin, had access to the company's network of about 70 HP Unix servers, according to the indictment. The network handled Medco's billing, corporate financial, and employee payroll information, as well as the Drug Utilization Review, a database of patient-specific information on conflicting drug interactions.

Lin, created the logic bomb early on Oct. 3, 2003, just days before a planned layoff was due to happen. Medco had just spun off from Merck & Co. and was going through a restructuring. The Medco Unix group was merging with the e-commerce group to form a corporate Unix group, the government reported.

Several systems administrators were laid off on Oct. 6. Lin was not one of them.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll