Michigan man accused in 2014 hack of medical center, sale of data on 65,000 people

Federal agents have arrested a 29-year-old Michigan man for allegedly hacking into a medical center in 2014, stealing data on more than 65,000 people and then selling it on the dark web, the Department of Justice announced Thursday.

A 43-count indictment charges Justin Sean Johnson with wire fraud, aggravated identity theft and conspiracy for the hack of a database at University of Pittsburgh Medical Center (UPMC), Pennsylvania’s largest health care system. Johnson’s sale of medical center employees’ Social Security numbers and addresses led other alleged criminals to claim hundreds of thousands of dollars in fake IRS tax refunds, prosecutors said.

“The health care sector has become an attractive target of cyber criminals looking to update personal information for use in fraud,” Timothy Burke, special agent in charge for the U.S. Secret Service in Pittsburgh, said in a statement.

The indictment also alleges that from 2014 to 2017 Johnson sold other personally identifiable information on dark web forums that led to $1.7 million in fraudulent tax refunds.

Johnson made his initial appearance in federal court on Wednesday in the Eastern District of Michigan. Johnson’s detention hearing was set for Thursday afternoon. Benton Martin, who is listed in court records as representing Johnson, did not respond to a request for comment.

“We appreciate the diligent and thorough work of the U.S. Attorney’s Office for the Western District of Pennsylvania, Internal Revenue Service, U.S. Secret Service, U.S. Postal Inspection Service, Department of Homeland Security Office of Inspector General and all authorities who contributed to solving this case,” UPMC spokesperson Gloria Kreps said in a statement.

You can read the indictment below.

https://www.documentcloud.org/documents/6952757-Johnson-Indictment.html