CYFOR Blog

The departing employee was sentenced after carrying out a cyber-attack against their former employer.

IT administrator Levi Delgado was sentenced on Wednesday to home confinement after hacking into his former employer’s IT network, deleting its data, and disabling user accounts. The 36-year-old cyber-criminal had been employed as an information technology administrator at a medical centre that provides care to under-served communities. However, the medical centre terminated Delgado’s employment in August 2017. After losing his job, Delgado’s access to the medical centre’s computer network was revoked and the credentials that had allowed him to log in to it were disabled.

Four days after the termination of his employment, Delgado connected a personal laptop and accessed the medical centre’s IT network without authorisation via an administrator account. After illegally entering the network, Delgado deleted the medical centre’s employee user accounts, disabled its computer accounts, and deleted its file server. Delgado’s criminal actions prevented the medical centre’s employees from logging in to their computers and blocked them from accessing patient files necessary to conduct operations.

While no patient personal health information was compromised or accessed, patient appointments and treatments had to be rescheduled because of Delgado’s cyber-sabotage. Delgado pled guilty in February 2021 to one count of causing damage to a protected computer.

The case was investigated by the FBI-Baltimore Division’s Cyber Task Force and was prosecuted by Assistant US Attorney Jesse Wenger.

“What Mr Delgado did was not only intentional, reckless, and petty, but also caused a severe disruption in medical care in an underserved community,” said Rachel Byrd, acting special agent in charge of the FBI-Baltimore Field Office.

“Computer intrusion is a crime and the FBI, and our law enforcement partners will continue to pursue those who compromise, mishandle or disrupt computer networks.”

Weiss added that their office

“is committed to prosecuting any individual who thinks attacking a former employer’s computer network is an acceptable reaction to getting fired.”

Such a crime demonstrates the importance of ensuring a rigorous ‘offboarding’ process is in place which includes making sure there has been a handover of tasks and importantly a handover of access to data/systems. This being done in the right way would also likely reduce any dissent from the departing employee.