NEWARK, N.J. – A Louisiana man today admitted that he illegally accessed a healthcare company’s online portal and downloaded more than 60,000 laboratory reports belonging to more than 30,000 patients, U.S. Attorney Craig Carpenito announced.
David Manno, 35, of Marrero, Louisiana, pleaded guilty before U.S. District Judge Katharine S. Hayden in Newark federal court to an information charging him with exceeding authorized access to a protected computer.
According to documents filed in the case and statements made in court:
The victim was a publicly traded healthcare company with its headquarters in New Jersey. The company offered a web-based portal through which patients could access their medical and health information, schedule laboratory testing, track their healthcare provider information, maintain medical records, and pay for services. Patients were able to log in to the portal by using a unique username and password. In November 2016, Manno accessed the portal and sent requests that caused the portal to send him lab reports belonging to other patients. Manno sent more than 150,000 modified requests, causing the portal to send him more than 60,000 laboratory reports for more than 30,000 patients.
The charge of exceeding access to a protected computer is punishable by a maximum potential penalty of five years in prison and a fine of $250,000, or twice the gross profit or loss caused by the offense, whichever is greater. Sentencing is scheduled for Feb. 3, 2021.
U.S. Attorney Carpenito credited special agents of the FBI, under the direction of Special Agent in Charge George M. Crouch Jr. in Newark, with the investigation leading to today’s guilty plea.
The government is represented by Assistant U.S. Attorney Andrew Kogan of the U.S. Attorney’s Office Cybercrime Unit in Newark.