DALLAS – A former contract security guard at the Carrell Clinic in Dallas has pleaded guilty to hacking hospital computers containing confidential patient information.
The Dallas Observer reported that McGraw pleaded guilty before U.S. District Judge Jane J. Boyle, on May 14 to felony offenses related to his compromising and damaging the hospital's computer system.
McGraw was charged last July with two counts of transmitting a malicious code. Each count carries 10 years in prison, a $250,000 fine and restitution.
McGraw was employed as a security guard for United Protection Services, in Dallas, and worked the night shift, from 11:00 p.m. to 7:00 a.m., at the Carrell Clinic hospital. According to a statement from the U.S. Attorney's Office, Northern Texas, McGraw gained physical access to more than 14 computers located in the North Central Medical Plaza, including a nurses' station computer on the fifth floor and a heating, ventilation and air conditioning (HVAC) computer located in a locked room.
The nurses' station computer was used to track a patient's progress through the Carrell Memorial Clinic, and medical staff also used it to reference patients' personal identifiers, billing records and medical history. The HVAC computer was used to control the heating, ventilation and air conditioning for the first and second floors used by the North Central Surgery Center.
McGraw was the leader of the hacker group, "Electronik Tribulation Army." He used the online nickname "Ghost Exodus," and posted pictures on the Internet of the compromised HVAC system and videos of himself compromising a computer system in a hospital. He also posted detailed information about plans for a "Devil's Day" attack, referring to an organized "distributed denial of service," a type of computer attack in which an unauthorized person takes control of secured computers and uses them for malicious attacks.
McGraw will be sentenced in Dallas federal court on September 16, the Dallas Observer reported.
Click here to read more.
