14 DAY TRIAL // Eric McNeal, a 37-year-old man from Atlanta, Georgia, is accused of hacking into the medical records database of his former employer. The data was used in a marketing campaign launched by his new boss.
“The FBI is well suited to conduct such cyber-based investigations and is pleased with the role its agents played in bringing this defendant to justice. Mr. McNeal misused both his technical skills and his previously held position of trust within the victim company in accessing patient information,” revealed Brian D. Lamkin, special agent in Charge, FBI Atlanta Field Office.
McNeal worked as an IT specialist for a medicinal practice in Atlanta called A.P.A. and after leaving the company, he got a job at a similar business housed in the same building. According to the charges that were brought against him, in April 2010 he used his personal computer to break into the patient database of A.P.A, stealing records and deleting them from the system.
He then utilized the stolen data, which included names, telephone numbers and addresses, to launch a marketing campaign that advertised his new workplace.
United States Attorney Sally Quillian Yates stated in a press release, “The citizens of our community should expect that their confidential patient information is just that—confidential—and that it will not be hacked and used for direct-mail marketing purposes. This criminal misuse of sensitive personal information resulted in a federal felony conviction for this defendant, which should serve as a warning for anyone else considering such hacking.”
McNeal pleaded guilty to the charges, now waiting a final sentence that will be ruled on December 5 2011 by Senior United States District Judge Willis B. Hunt.
For “intentionally accessing a protected computer without authorization” the defendant can receive a maximum of 5 years in prison and he will have to pay a fine of up to $250,000(€175,000).