Health IT administrator charged with planting ‘logic bomb’

A former systems administrator in the US has been arrested by the FBI and charged after placing a ‘logic bomb’ on a computer network that held patient prescription information.

Yung-Hsun Lin, 50, of Montville, New Jersey was last month charged with two counts of computer fraud after it was discovered he had placed the malware – malicious software – on the servers of prescription management firm Medco Health Solutions.

If activated, the logic bomb could have resulted in pharmacists using Medco Health Solutions’ Drug Utilization Review software being left unable to receive vital warnings on drug safety when creating new prescriptions and checking a patient’s previous prescription history.

According to Information Week, Lin, a systems administrator at Medco, hadaccess to the company’s cluster of 70 HP Unix servers. As well as the Drug Utilization Review, the network handled Medco’s billing information, corporate financial information, and employee payroll input.

Information Week reported that Lin was believed to have created the code in fear of being made redundant following Medco’s plans to downsize. It was initially timed to run on his birthday, 23 April 2004, but when this failed, he reset it to go off a year later. It was discovered, however, on 1 January 2005 when IT staff were checking the system for errors.

Assistant US attorney, Erez Lieberman, was quoted as saying: “The potential impact, had it gone off, would have been more devastating to patients.

"Taking a logic bomb and putting it in a system where it could not just cause financial harm but could also harm databases, which he knows and administers, that affect patient drug information, adds to the enormity of the situation.”

Lin’s court case will begin today and if convicted, he could face 20 years in prison and a fine of $500,000 (£254,665).