FEMA Employee Indicted for Hacking Medical Center

A man from Michigan has been charged with hacking into a medical center's database and stealing the personal information of 65,000 employees.

Federal prosecutors unsealed a 43-count indictment yesterday accusing Federal Emergency Management Agency (FEMA) IT specialist Justin Sean Johnson of illegally accessing data held by the University of Pittsburgh Medical Center (UPMC). 

Johnson allegedly hacked into the center's Oracle PeopleSoft database in January 2014 using the nicknames "TDS" and "DS." The indictment accuses the 29-year-old of exfiltrating personal identifying information and tax data belonging to thousands of center staff, then selling it on the dark web for an undisclosed sum.

Data said to have been stolen and sold by Johnson included employees' names, dates of birth, Social Security numbers, addresses, and salary information.

Prosecutors said that over the course of 2017, unidentified conspirators used the exfiltrated data to file hundreds of phony tax returns that claimed approximately $1.7m in false refunds. These returns were then laundered by being converted into Amazon gift cards that were used to purchase goods worth about $885,000 that were shipped to Venezuela and later sold in online marketplaces.

The indictment charges the alleged cyber-criminal with wire fraud, conspiracy, and aggravated identity theft. If he is convicted on all charges, Johnson could spend 20 years locked up in federal prison. 

Johnson is being held without bond after being arrested by police in Detroit on Tuesday. 

In a statement, the special agent in charge of the US Secret Service field office, Timothy Burke, said: “The health care sector has become an attractive target of cybercriminals looking to upda ..

Support the originator by clicking the read the rest link below.