Hacker given five-year prison sentence

A former network engineer has been given one of the longest sentences for hacking in the US

A former network engineer has been handed a 63-month prison sentence after hacking into a Californian health clinic computer system.

Jon Paul Oson, 38, was ordered to pay more than $144,000 to the Council of Community Health Clinics (CCC) and more than $264,000 to the CCC clinic whose computer system he hacked.

Adam Bosnian, vice president of marketing at data security specialist Cyber-Ark, described the sentence as fair.

"The sentence is one of the longest given for hacking in the US, but since Oson had deliberately deleted patient and allied data from his former employer's computer systems, I think it reflects the seriousness of his offences," he said.

"What makes the hacking and file deletion worse is that the CCC is a not-for-profit organisation that provides a variety of services to its membership, and operates 17 community health clinics in San Diego and Imperial counties of California."

A jury convicted Oson of accessing the CCC network without authority in December 2005, and disabling the automatic process that created backups of patient information.

Bosnian went on to say that, because Oson had betrayed his former employer's trust and potentially put patients' lives at risk, his prison sentence should stand as a warning to anyone contemplating such actions.

"Hacking in itself is wrong, but potentially placing lives at risk is about as bad as you can get," he said.

Since the clinic's systems were fully backed up and encrypted, a hacker would not normally be able to gain access unless they were somehow exposed to the encryption keys and able to log-in to the back ups to erase them.

"Your average hacker is not going to take the time to do this. It is difficult and a lot of work, and they tend to go for easy targets," said Bosnian.

"An unhappy ex-employee with access to admin passwords that have not been changed and a knowledge of the system, on the other hand, is going to have no trouble at all."