A logic bomb lends a former systems administrator 30 months in prison

A former computer systems administrator for Medco Health Solutions, Inc. was sentenced to 30 months in federal prison for planting a “logic bomb” in Medco’s computer systems that was designed, but failed, to wipe out critical data stored on more than 70 servers.

Lin pleaded guilty to one count of transmitting computer code with the intent of causing damage in excess of $5,000. The sentence imposed on Lin is believed to be the longest federal prison sentence for an attempt crime designed to damage a computer system.

U.S. District Judge Jose L. Linares also ordered Yung-Hsun Lin a/k/a “Andy Lin,” 51, to pay $81,200 in restitution to Medco. Lin must surrender to the federal Bureau of Prisons by Feb. 25 and is free on bail until then.

During a Sept. 19 plea hearing, Lin admitted that while he was employed as a system administrator at Medco’s Fair Lawn office he modified existing computer code and added additional code designed to wipe out computer servers on Medco’s network. Lin admitted that he scheduled the code to “detonate” on his birthday.

Among the databases operated from the affected servers was a critical one maintained and updated regularly by Medco – a patient-specific drug interaction conflict database known as the Drug Utilization Review (DUR). Prior to dispensing medication, pharmacists routinely examined the information contained in the DUR to determine whether conflicts existed between or among an individual’s prescribed drugs.

In addition to the DUR database, the Medco servers targeted by the logic bomb contained applications relating to clients’ clinical analyses, rebate applications, billing, and managed care processing. Further, the servers handled new prescription call-ins from doctors and coverage determination applications, as well as numerous internal Medco applications, including the corporate financials, pharmacy maintenance tracking, web and pharmacy statistics reporting, and the employee payroll input.

Don't miss