News

Feds: NJ Worker Put 'Bomb' in Computers

Systems administrator alleged to have planted logic bomb that could have wiped out critical patient data.

(Newark, N.J.) A computer administrator angry about possibly losing his job allegedly planted an electronic "bomb" in the systems of one of the nation's largest prescription drug management companies, prosecutors said Tuesday. If the so-called "logic bomb" had gone off at Medco Health Solutions Inc., it would have wiped out critical patient information, authorities said.

Even after surviving a round of layoffs, Yung-Hsun Lin, 50, of Montvale kept the code in the system and tinkered with it in an attempt to set it off, prosecutors said. The bug eventually was discovered and neutralized by the company.

U.S. Attorney Christopher Christie said the bomb could have caused widespread financial damage to the company, and possibly harmed a large number of patients.

"The potential damage to Medco and the patients and physicians served by the company cannot be understated," Christie said. "A malicious program like this can bring a company's operations to a grinding halt and cause millions of dollars in damage from lost data, system downtime, recovery and repair."

Lin was arrested at his home Tuesday morning by FBI agents, and was to appear before a federal magistrate Tuesday afternoon. His arraignment is scheduled for Jan. 3.

His lawyer, Raymond Wong, had no immediate comment on the case.

A call seeking comment from Medco was not immediately returned.

The indictment alleges that Lin, who worked in the company's Fair Lawn office, planted the computer bomb in Medco's servers. It would have wiped out critical data stored on more than 70 servers, according to Assistant U.S. Attorney Erez Lieberman. He could not estimate how many patients could have been affected.

Among the targeted databases was one that tracked patient-specific drug interaction conflicts.

Before dispensing medication, pharmacists routinely examine the information contained in the database to determine whether conflicts exist between a patient's prescribed drugs.

Other data on the targeted servers included patients' clinical analyses, rebate applications, billing and managed-care processing.

Prosecutors said that when Franklin Lakes-based Medco was spun off from Merck & Co. in 2003, Lin feared that layoffs may affect him.

Authorities said that on Oct. 3, 2003, Lin created the bomb designed to delete virtually all data from 70 targeted servers by modifying existing computer code and adding new code. It was set detonate automatically on April 23, 2004 -- his birthday.

But due to a programming error, it didn't go off. Even after surviving a round of layoffs, prosecutors said, Lin modified the bomb's code to have it detonate on his next birthday. But the company found and disabled it before it could cause any damage.

Lin is charged with two counts of fraud related to activity in connection with computers. One is for exceeding authorized access with intent to cause damage in excess of $5,000; the other is for the impairment, or potential impairment, of the medical examination, diagnosis, treatment or medical care of one or more individuals.

Last week, a former UBS PaineWebber systems administrator in New Jersey was sentenced to eight years and one month in prison for attempting to profit by detonating a "logic bomb" program that caused millions of dollars in damage to the brokerage's computer network in 2002.

Roger Duronio also was ordered to pay $3.1 million in restitution to his former employer, now known as UBS Financial Services Inc., part of the Swiss banking company UBS AG.

Featured

  • Report: Cost, Sustainability Drive DaaS Adoption Beyond Remote Work

    Gartner's 2025 Magic Quadrant for Desktop as a Service reveals that while secure remote access remains a key driver of DaaS adoption, a growing number of deployments now focus on broader efficiency goals.

  • Windows 365 Reserve, Microsoft's Cloud PC Rental Service, Hits Preview

    Microsoft has launched a limited public preview of its new "Windows 365 Reserve" service, which lets organizations rent cloud PC instances in the event their Windows devices are stolen, lost or damaged.

  • Hands-On AI Skills Now Outshine Certs in Salary Stakes

    For AI-related roles, employers are prioritizing verifiable, hands-on abilities over framed certificates -- and they're paying a premium for it.

  • Roadblocks in Enterprise AI: Data and Skills Shortfalls Could Cost Millions

    Businesses risk losing up to $87 million a year if they fail to catch up with AI innovation, according to the Couchbase FY 2026 CIO AI Survey released this month.