You are here

Justice News

Department of Justice
U.S. Attorney’s Office
Western District of Pennsylvania

FOR IMMEDIATE RELEASE
Thursday, June 1, 2017

Houston Man Admits Hacking and Damaging Computers of Pittsburgh-area Health Care Facility

PITTSBURGH - A resident of Houston, Texas, entered pleas of guilty in Pittsburgh to charges of Intentional Damage to a Protected Computer and Wire Fraud, Acting United States Attorney Soo C. Song announced today.

Brandon A. Coughlin, of Houston, Texas, pleaded guilty before Chief United States District Court Judge Joy Flowers Conti.

In connection with the guilty plea, the Court was advised that Coughlin intentionally hacked and damaged 13 servers operated by a local healthcare facility and engaged in a scheme to defraud that healthcare facility by using its purchase card to order merchandise from Staples. On January 16, 2013, Coughlin was hired by the healthcare facility as an in-house computer systems administrator.

On February 4, 2013, he resigned from that position at the request of the management of the local healthcare facility. Using the administrative passwords he knew from his employment, Coughlin on September 18, 2013 hacked the computer network of the healthcare facility. He disabled all administrative accounts needed to control any and all of the computer servers of the healthcare facility, and deleted users’ network shares, business data, and patient health information and data, including patient medical records. He caused a financial loss of approximately $60,000.00. He caused the local healthcare facility to cease its medical treatment of patients until its system was restored.

Coughlin also admitted committing wire fraud when he attempted fraudulently to purchase online iPad Air tablets on the Staples account of the local healthcare facility. As part of the fraud, Coughlin breached the email server of the healthcare facility. He directed that email server to delete email from Staples before it was routed to the purchasing supervisor who handled the Staples account for the healthcare facility. He then monitored email communications between officials of the healthcare facility and others including the FBI through 2014. Coughlin admitted that he listened in on phone conferences between the FBI and the officials of the healthcare facility without their knowledge.

The law provides for a maximum total sentence of 30 years in prison, a fine of $500,000 or both. Under the Federal Sentencing Guidelines, the actual sentence imposed would be based upon the seriousness of the offense and the prior criminal history, if any, of the defendant.

Assistant United States Attorney Paul E. Hull is prosecuting this case on behalf of the government.

The Federal Bureau of Investigation conducted the investigation leading to the prosecution of Brandon A. Coughlin.

Updated June 6, 2017