A former network engineer and technical services manager at the Council of Community Health Clinics (CCC) in San Diego could spend 10 years in prison after a federal jury convicted him last week of hacking into his former employer's computers and sabotaging patient data.
In addition, Jon Paul Oson could face fines of up to US$250,000 for each of the two charges on which he was found guilty. Oson was charged in August 2006 on charges of willfully damaging protected computers belonging to CCC, a nonprofit organization that provides a variety of services to 17 community health clinics in the area.
Oson worked at CCC between May 2004 and October 2005, and resigned from the company following what he perceived to be a negative performance evaluation, according to a statement announcing his conviction from the FBI's San Diego field office.
About two months after he resigned, Oson illegally accessed the CCC network and disabled a process for automatically backing up patient data belonging to North County Health Services (NCHS), a clinic that stored its patient management system on CCC's computers. A few days later, Oson attacked the CCC system again and systematically deleted data and software on several CCC servers, including the patient data for the NCHS clinic, the FBI said. The deleted data included billing details, scheduling of patient appointments, case histories, diagnoses and treatment plans. In addition, Oson deleted and attempted to delete data on several other servers used by CCC and other clinics.
"In addition to causing financial losses at CCC, NCHS and other CCC member clinics, the deletion of the data caused patient care at NCHS to suffer," the FBI statement said.