Hossein Heydari, 61, of Gaithersburg, Maryland, admitted in federal court today to sabotaging Oregon’s Medicaid Management Information System (MMIS) in a deliberate cyberattack that knocked critical health services offline for hours. Heydari pleaded guilty to one count of fraud and related activity in connection with computers, capping a years-long investigation into one of the most brazen insider cyberattacks on a state health network in recent memory.
Heydari, a former system administrator for Hewlett Packard Enterprises (HPE), had high-level access to Oregon MMIS servers in Salem as part of HPE’s contract with the Oregon Health Authority. On October 28, 2016, he was laid off. Days later, he exploited his credentials to remotely access and alter key system components, triggering a full failure that lasted eight hours—disrupting access to patient eligibility, prescriptions, and care authorizations across the state.
“Mr. Heydari’s illegal intrusion of the Oregon Medicaid system posed a serious risk to public health, jeopardizing patient medical exams, diagnoses and treatment,” said Billy J. Williams, U.S. Attorney for the District of Oregon. The MMIS serves as the backbone for thousands of medical providers, pharmacies, and vulnerable patients relying on Medicaid benefits—any disruption puts lives on the line.
Renn Cannon, Special Agent in Charge of the FBI in Oregon, emphasized the danger of trusted insiders turning rogue. “It is very important that the FBI and its partners work to deter future attacks by holding people such as Mr. Heydari responsible for their actions,” Cannon said. The FBI’s Oregon Cyber Task Force led the investigation, urging organizations to report suspected intrusions immediately to mitigate damage and track perpetrators.
Heydari faces up to 10 years in federal prison, a $250,000 fine, and three years of supervised release. He is scheduled to be sentenced on August 12, 2019, before U.S. District Court Judge Michael H. Simon. As part of his plea agreement, Heydari has agreed to pay $44,777 in restitution to the Oregon Health Authority and $31,195 to HPE—amounts reflecting direct recovery costs from the breach.
The case underscores the growing threat of insider cyberattacks on public infrastructure. Authorities warn that disgruntled employees with administrative access represent a ticking time bomb for government and corporate networks. Any entity suspecting a cyber intrusion should contact the FBI’s Internet Crime Complaint Center at www.ic3.gov or call the nearest FBI office immediately.
RELATED: Predator Got 20: MO Man Sexually Abused Teen
RELATED: Medicaid Scam: St. Louis Woman Pleads Guilty
Related Federal Cases
- Maryland Man Pleads Guilty to Facebook Threats · Maryland
- Virginia Gamer Gets 18 Months for Threatening Maryland Devs · Maryland
- Iran Cyber Attacks · Maryland
- Oregon Man Sentenced for Internet Service Heist · Massachusetts
- James Leads Coalition Against Extremist SAVE America Act · New Mexico
Key Facts
- State: Oregon
- Agency: DOJ USAO
- Category: Cybercrime
- Source: Official Source ↗
🔒 Get the grimiest stories delivered weekly. Subscribe free →
Browse More
