Martin Gottesfed, a 32-year old biotech professional from Somerville, Mass., was found guilty of committing a Distributed Denial of Service Attack (DDoS) on Boston Children’s Hospital. His assault caused moderate-to-severe system interruptions, which inhibited daily operations and incurred roughly $300,000 in necessary repairs once the attack was done. He was sentenced to 10 years behind bars in February 2016, and also received a hefty $443,000 fine for his efforts.
After perpetrating the attack, allegedly under the umbrella of the infamous hacker group Anonymous, according to a series of public tweets he posted prior to the assault, he attempted to flee to Cuba. Unfortunately, for himself and his wife, their boat became stranded off the coast of Cuba until a Disney cruise liner responded to their distress call and rescued them; after which, Gottesfed was forced to return to the states to face the music.
He claimed that his attacks were actually meant to be a form of justice in a statement saying, “I had heard … too many … horror stories of institutionalized children who were killed or took their own lives in the so-called ‘troubled teen industry.’”
His motivation for initiating the DDoS attack was reportedly due to an ongoing custody case involving a teenager named Justina Pelletier, who had been taken from her parents because of allegations by the hospital that they were medically abusing her.
Gottesfed’s wife, Dana, went on the record decrying the judge’s harsh sentencing of her husband stating, “It’s incredibly harsh and way more than people usually get for CFAA violations. It’s also a really stark contrast that Marty got 10 years and Boston Children’s Hospital, who literally abused a child, are protected from any kind of accountability.”
She has made it clear that she intends to appeal the judgement passed in her husband’s case as misplaced, citing the judge assigned to the case as allegedly harboring a conflict of interest.
Martin’s sentence also carried additional charges associated with a similar attack that was carried out with an unknown co-conspirator against Wayside Youth & Family Support Network. The attack came two days after it was ruled that Pelletier’s parents would be losing custody of her to the state and lasted for more than a week. Approximately $18,000 in damages were accrued over the attack’s duration, as Wayside attempted to implement mitigation efforts.
While there is still some debate among experts as to whether attacks like these represent a significant risk of similar cyber-crimes involving the health care industry, there is no doubt that DDoS attacks constitute a serious threat if they were to become more commonplace. Whether this is a signal of more DDoS attacks to come or simply a series of outliers, the need to properly protect against attempted hackers has never been more apparent. Visit HIPAAgps to stay up-to-date on notable security breach news, as well as measures you can take to keep your own systems secure.