A computer programmer hired by the St. Cloud Hospital to create a computer-based training program for hospital employees pleaded guilty today in St. Paul in connection with placing a “logic bomb” into the hospital’s computer system. If convicted, Gibson faces a potential maximum penalty of 10 years in federal prison and a $250,000 fine.
According to the plea agreement, Gibson was employed by the hospital from July 2005 through June 2006, and worked on the training program. During the spring and summer of 2006, Gibson inserted a “logic bomb” into the software that ran the training program. A “logic bomb” is a malicious software code which is hidden in a computer program, and is designed to “blow up” at a future date and cause some specified damage.
Gibson installed the bomb before he quit his job at the hospital in June 2006. The malicious code was activated in August and disabled the training program. The hospital immediately began an investigation into the cause, notified the St. Cloud Police Department and the Federal Bureau of Investigation’s Cybercrime Task Force, and ultimately concluded that it could not use the training program.