Former network engineer faces jail time for sabotaging patient data

Jon Paul Oson also faces fines of up to $500,000

A former network engineer and technical services manager at the Council of Community Clinics (CCC) in San Diego could spend 10 years in prison after a federal jury convicted him last week of hacking into his former employer's computers and sabotaging patient data.

In addition, Jon Paul Oson could face fines of up to $250,000 for each of the two charges on which he was found guilty. Oson was arraigned in August 2006 on charges of willfully damaging protected computers belonging to the CCC, a nonprofit organization that provides a variety of services to 17 community health clinics in the area.

Oson worked at the CCC between May 2004 and October 2005, and resigned from the organization following what he perceived to be a negative performance evaluation, according to a statement announcing his conviction from the FBI's San Diego field office.

About two months after he resigned, Oson illegally accessed the the CCC's network and disabled a process for automatically backing up patient data belonging to North County Health Services (NCHS), a clinic that stored its patient management system on the CCC's computers.

A few days later, Oson attacked the CCC's network again and systematically deleted data and software on several servers, including the patient data for the NCHS clinic, the FBI said. The deleted data included billing details, scheduling of patient appointments, case histories, diagnoses and treatment plans. In addition, Oson deleted and attempted to delete data on several other servers used by the CCC and other clinics, according to the FBI.

"In addition to causing financial losses at CCC, NCHS and other CCC member clinics, the deletion of the data caused patient care at NCHS to suffer," the FBI statement said.

Copyright © 2007 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon