A former systems administrator at Medco Health Solutions has been sentenced to 30 months in federal prison for planting a logic bomb that could have taken down a corporate network that held personal health care information.
Yung-Hsun Lin, 51, of Montville, N.J., who was sentenced in a federal court in Newark, faced a maximum 10-year prison sentence. He had pleaded guilty to one count of computer fraud in September.
Lin was responsible for programming and maintaining the 70 HP Unix-based servers at the Franklin Lakes, N.J.-based pharmacy benefits management company, where he worked from 1997 to 2005.
The systems held client medical and billing data, along with corporate financial applications.
"This case is unique in that it touches on the public health system," said assistant US attorney Erez Liebermann, who prosecuted the case.
The logic bomb, designed to delete "virtually all of the information" on Medco's servers, was written by Lin and planted in multiple scripts on the company network, according to court documents.
The malicious code was initially set up to be triggered on April 23, 2004, but it failed because of a coding error. Lin reset it to deploy a year later, but a co-worker discovered and disabled the bomb, Liebermann said.