News

IT Admin Accused of Planting 'Logic Bomb'

A computer administrator upset over the possibility of losing his job planted an electronic "bomb" in the systems of one of the nation's largest prescription drug management companies, prosecutors said Tuesday.

If the so-called "logic bomb" had gone off at Medco Health Solutions Inc., it would have wiped out critical patient information, authorities said.

Even after surviving a round of layoffs, Yung-Hsun Lin, 50, kept the code in the system and tinkered with it in an attempt to set it off, prosecutors said. The bug eventually was discovered and neutralized by the company.

U.S. Attorney Christopher Christie said the bomb could have caused widespread financial damage to the company, and possibly harmed a large number of patients.

Among the targeted databases was one that tracked patient-specific drug interaction conflicts, prosecutors said. Before dispensing medication, pharmacists routinely examine that information to determine whether conflicts exist among a patient's prescribed medicines.

"The potential damage to Medco and the patients and physicians served by the company cannot be understated," Christie said. "A malicious program like this can bring a company's operations to a grinding halt and cause millions of dollars in damage from lost data, system downtime, recovery and repair."

Lin was arrested at his home Tuesday morning by FBI agents, and was to appear before a federal magistrate Tuesday afternoon. His arraignment is scheduled for Jan. 3. He is charged with two counts of computer fraud.

His lawyer, Raymond Wong, said Lin denies introducing any malicious programming into the computer system. Wong said his client would have known that such an action could be quickly linked to him.

"He is an administrator; if something happened, it could be traced back," said Wong, who added Lin has years of "excellent performance reviews."

Medco spokeswoman Soraya Balzac said the arrest "sends a strong message that there is zero tolerance for this type of conduct."

The indictment alleges that Lin, who worked in the company's Fair Lawn office, planted the computer bomb in Medco's servers. It would have wiped out critical data stored on more than 70 servers, according to Assistant U.S. Attorney Erez Lieberman. He could not estimate how many patients could have been affected.

In addition to the drug-interaction information, other data on the targeted servers included patients' clinical analyses, rebate applications, billing and managed-care processing.

Prosecutors said that when Franklin Lakes-based Medco was spun off from Merck & Co. in 2003, Lin feared that layoffs would affect him.

Authorities said that on Oct. 3, 2003, Lin created the bomb designed to delete virtually all data from the 70 targeted servers by modifying existing computer code and adding new code. It allegedly was set to detonate automatically on April 23, 2004 -- his birthday.

Due to a programming error, it didn't go off. Even after surviving a round of layoffs, prosecutors said, Lin modified the bomb's code to have it detonate on his next birthday. But the company found and disabled it before it could cause any damage.

Last week, a former UBS PaineWebber systems administrator in New Jersey was sentenced to eight years and one month in prison for attempting to profit by detonating a logic-bomb program that caused millions of dollars in damage to the brokerage's computer network in 2002. The ex-employee, Roger Duronio, also was ordered to pay $3.1 million in restitution to his former employer, now known as UBS Financial Services Inc., part of the Swiss banking company UBS AG.

Featured

  • Microsoft Offers Support Extensions for Exchange 2016 and 2019

    Microsoft has introduced a paid Extended Security Update (ESU) program for on-premises Exchange Server 2016 and 2019, offering a crucial safety cushion as both versions near their Oct. 14, 2025 end-of-support date.

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Notebook

    Microsoft Centers AI, Security and Partner Dogfooding at MCAPS

    Microsoft's second annual MCAPS for Partners event took place Tuesday, delivering a volley of updates and directives for its partners for fiscal 2026.

  • Microsoft Layoffs: AI Is the Obvious Elephant in the Room

    As Microsoft doubles down on an $80 billion bet on AI this fiscal year, its workforce reductions are drawing scrutiny over whether AI's ascent is quietly reshaping its human capital strategy, even as official messaging avoids drawing a direct line.