SAN DIEGO – United States Attorney Karen P. Hewitt announced that Jon Paul Oson was sentenced June 9 to serve more than five years’ imprisonment on federal computer hacking charges. Mr. Oson was convicted following a jury trial in August 2007 of two counts of intentionally damaging protected computers. The 63-month sentence imposed by the Honorable Thomas J. Whelan, United States District Judge, represents one of the longest sentences imposed for computer hacking in the United States. In addition to the custodial sentence, Oson was ordered to pay $144,359 in restitution to the Council of Community Health Clinics (“CCC”) and $264,979 in restitution to the North County Health Services Clinic (“NCHS”).

The evidence at trial established that, among other things, as summarized below, Oson deleted patient data of the NCHS clinic, which data were stored at the facilities of Oson’s former employer, the CCC, in San Diego. In addition to causing financial losses at CCC, NCHS and other CCC member clinics, the deletion of the data caused patient care at NCHS to suffer.

According to court documents, Mr. Oson was employed as a network engineer and as technical services manager for the Council of Community Health Clinics from May 2004 until October 2005. CCC is a non-profit organization that provides a variety of services to its membership and consists of seventeen community health clinics located in San Diego and Imperial counties. The largest member clinic is North County Health Services. NCHS, like the other member clinics of CCC, provides medical services to the poor, the uninsured and the under-insured. NCHS used CCC’s information technology services to host and manage its practice management system. This software is used by NCHS for billing, scheduling of patient appointments and tracking medical information of NCHS patients, including diagnosis, treatment plans and case history. Mr. Oson’s resignation from CCC followed a performance evaluation that he perceived as negative.

The jury convicted Mr. Oson of accessing the CCC network without authority on Dec. 23, 2005, and disabling the automatic process that created backups of the patient information for the NCHS database. The jury also found that on Dec. 29, 2005, Oson attacked the CCC system again and systematically deleted data and software on several CCC servers, including the patient data for NCHS. In addition to attacking the NCHS servers at CCC, Oson deleted and attempted to delete data and software in several other CCC servers used by CCC and by other clinics.

This case was investigated by special agents assigned to the Cybercrime Squad of the San Diego Division of the Federal Bureau of Investigation.

Oson was taken into custody immediately following the imposition of sentence.

____________________________________________________________________
USDOJ June 9, 2008 press release

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Related Content