Michigan man accused in 2014 hack of medical center, sale of data on 65,000 people

Justin Sean Johnson allegedly hacked the University of Pittsburgh Medical Center, Pennsylvania’s largest health care system.

Federal agents have arrested a 29-year-old Michigan man for allegedly hacking into a medical center in 2014, stealing data on more than 65,000 people and then selling it on the dark web, the Department of Justice announced Thursday.

A 43-count indictment charges Justin Sean Johnson with wire fraud, aggravated identity theft and conspiracy for the hack of a database at University of Pittsburgh Medical Center (UPMC), Pennsylvania’s largest health care system. Johnson’s sale of medical center employees’ Social Security numbers and addresses led other alleged criminals to claim hundreds of thousands of dollars in fake IRS tax refunds, prosecutors said.

“The health care sector has become an attractive target of cyber criminals looking to update personal information for use in fraud,” Timothy Burke, special agent in charge for the U.S. Secret Service in Pittsburgh, said in a statement.

The indictment also alleges that from 2014 to 2017 Johnson sold other personally identifiable information on dark web forums that led to $1.7 million in fraudulent tax refunds.


Johnson made his initial appearance in federal court on Wednesday in the Eastern District of Michigan. Johnson’s detention hearing was set for Thursday afternoon. Benton Martin, who is listed in court records as representing Johnson, did not respond to a request for comment.

“We appreciate the diligent and thorough work of the U.S. Attorney’s Office for the Western District of Pennsylvania, Internal Revenue Service, U.S. Secret Service, U.S. Postal Inspection Service, Department of Homeland Security Office of Inspector General and all authorities who contributed to solving this case,” UPMC spokesperson Gloria Kreps said in a statement.

You can read the indictment below.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts