Hacktivist Convicted for DDoS Attack on Children’s Mercy Hospital
A hacktivist who conducted a Distributed Denial of Service (DDoS) attack on Boston’s Children’s Mercy Hospital in 2014 has been convicted on two counts – conspiracy to intentionally damage protected computers and damaging protected computers – by a jury in the U.S. District Court in Boston.
Martin Gottesfeld, 32, of Somerville, MA, conducted the DDoS attacks in March and April of 2014. He first conducted a DDoS attack on Wayside Youth and Family Support Network in Framingham, MA. The attack crippled its systems and took them out of action for more than a week. The attack cost the healthcare facility $18,000 to resolve.
Following that attack, Gottesfeld conducted a much larger attack on Boston Children’s Hospital using 40,000 malware-infected network routers that he controlled from his home computer. The attack was planned for a week and occurred on April 19, 2014.
Such was the scale of the attack that the hospital and several others in the Longwood medical area were knocked off the internet. 65,000 IP addresses used by the hospital and other healthcare facilities in the area were prevented from being available for legitimate communications. The attack affected the hospitals’ ability to communicate, use the internet, and even provide care to certain patients.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The attack disrupted operations at Boston Children’s Hospital for two weeks and cost an estimated $300,000. A further $300,000 was lost donations as its fundraising portal was also taken offline as a result of the attack.
Gottesfeld claimed he conducted the DDoS attacks on behalf of the hacktivist group Anonymous in response to the way the hospital had behaved over a child custody case.
The custody case in question received national media attention and resulted in the parents of Connecticut teenager Justina Pelletier losing custody of their daughter. Children’s Mercy Hospital alleged Justina’s parents were medically abusing their daughter and custody was passed over to the commonwealth of Massachusetts.
Justina was receiving treatment for mitochondrial disease at Boston’s New England Medical Center but was transferred to Children’s Mercy Hospital where she was diagnosed as having somatoform disorder. Justina’s parents disagreed with the diagnosis and attempted to get their daughter discharged. The hospital refused, and in the subsequent legal battle, Justina’s parents lost custody of their child.
Gottesfeld was suspected of conducting the DDoS attacks and his home was searched by federal law enforcement officers in October 2014. Several servers, computers and hard drives were seized although Gottesfeld was not officially charged at the time.
Gottesfeld went missing in February 2016 but was found after getting into difficulty when sailing in a small boat. He was rescued off the coast of Cuba by a passing cruise ship and was arrested when the cruise ship docked in Miami. The FBI claimed Gottesfeld was attempting to flee the United States.
Gottesfeld will be sentenced on Nov. 14, 2018 and potentially faces a fine of up to $500,000, plus restitution, and up to 15 years in jail – A maximum of 5 years for the conspiracy charge and up to 10 years for the criminal damage charge, with a further 3 years of supervised release.
