The hacker who breached healthcare.gov is now in prison. According to an official press release from the Department of Justice (Eastern District of Louisiana), Colbi Trent Defiore, a 27-year-old resident of Carriere, Miss., has been given the sentence of “42 months imprisonment, 3 years of supervised release and payment of a $100 special assessment fee.” The sentence was handed down by United States District Judge Jay A. Zainey and follows a previous guilty plea from Defiore for violating computer access laws as they are stated in 18 U.S.C. ‘ 1030(a)(2)(C).
In 2018, Colbi Trent Defiore illegally accessed private data on the healthcare.gov website, a site primarily used for U.S. citizens who receive medical coverage under the Affordable Care Act (aka Obamacare). Defiore was able to gain access by leveraging his position as a seasonal employee at Centers for Medicare & Medicaid Services (CMS), namely in the Louisiana city of Bogalusa, to illegally access and steal personal data from the healthcare.gov database. In total, Defiore was able to access personal data of over 8,000 individuals in the database.
The following excerpt from the DOJ press release details Defiore’s exact attack methodology of the healthcare.gov breach, usage of data, and damage caused:
“DEFIORE conducted “bulk searches” of the database… DEFIORE then copied the results of his searches onto a virtual clipboard and sent them to himself via email. After work hours, DEFIORE accessed Company A’s network remotely without authorization to retrieve his work email. DEFIORE used the personal information of at least five consumers to apply fraudulently for at least six credit cards, loans, and lines of credit for his personal benefit. In total, DEFIORE’S conduct caused reasonably foreseeable loss to the companies that operated the call center, including costs associated with responding to the offense, conducting a damage assessment, responding to and remediating damage, contacting consumers who were potential victims, and providing theft protection services for consumer-victims, in the amount of $587,000.”
According to the DOJ of Lousiana’s Eastern District, the FBI was largely responsible for the investigation that led to Defiore’s apprehension. Assistant United States Attorney Jordan Ginsberg was the leading prosecutor on the case.
With government agencies and municipalities being targeted more and more by cybercriminals, this sentence will, hopefully, send a message to any would-be hackers.
Featured image: Flickr / Michael Coghlan