United States Attorney Karen P. Hewitt announced that Jon Paul Oson was convicted today by a federal jury in San Diego on federal computer hacking charges. Mr. Oson was charged in an indictment on August 25, 2006, with two counts of intentionally damaging protected computers. Following a trial before the Honorable Thomas J. Whelan, United States District Judge, that started on August 21, 2007, Oson was convicted on both counts.

The evidence at trial established that, among other things, as summarized below, Oson deleted patient data of the North County Health Services clinic (“NCHS”), which data was stored at the facilities of Oson’s former employer, the Council of Community Health Clinics (“CCC”), in San Diego. In addition to causing financial losses at CCC, NCHS and other CCC member clinics, the deletion of the data caused patient care at NCHS to suffer.

According to court documents, Mr. Oson was employed as a network engineer and as technical services manager for the Council of Community Health Clinics from May 2004 until October 2005. CCC is a non-profit organization that provides a variety of services to its membership and consists of seventeen Community Health Clinics located in San Diego and Imperial Counties. The largest member clinic is North County Health Services. NCHS, like the other member clinics of CCC, provides medical services to the poor, the uninsured and the under-insured. NCHS used CCC’s information technology services to host and manage its Practice Management system. This software is used by NCHS for billing, scheduling of patient appointments and for tracking medical information of NCHS patients, including diagnosis, treatment plans and case history. Mr. Oson’s resignation from CCC followed a performance evaluation that he perceived as negative.

The jury convicted Mr. Oson of accessing the CCC network without authority on December 23, 2005, and disabling the automatic process that created backups of the patient information for the NCHS database. The jury also found that on December 29, 2005, Oson attacked the CCC system again and systematically deleted data and software on several CCC servers, including the patient data for NCHS. In addition to attacking the NCHS servers at CCC, Oson deleted and attempted to delete data and software in several other CCC servers used by CCC and by other clinics.

This case was investigated by Special Agents assigned to the Cybercrime Squad of the San Diego Division of the Federal Bureau of Investigation.

Oson is scheduled to appear for sentencing before United States District Court Judge Thomas J. Whelan on November 14, 2007.

DEFENDANT Case Number: 06cr1875-W

Jon Paul Oson Chula Vista, California Age: 38

SUMMARY OF CHARGE

Two Counts - Title 18, United States Code, Section 1030(a)(5)(A)(i) - Intentionally Damaging a Protected Computer Maximum Penalty: 10 years’ imprisonment and $250,000 fine per count

AGENCY

Federal Bureau of Investigation

San Diego Press Releases  | San Diego Home Page