Boston Children’s Hospital DDoS Attacker Sentenced to 10 Years in Jail

Martin Gottesfeld, 34, of Somerville, MA, the hacker responsible for a Distributed Denial of Service (DDoS) attack on Boston Children’s Hospital in 2014, has been sentenced to 10-years in jail for the attack and must pay $443,000 in damages.

Gottesfeld launched DDoS attacks on Boston Children’s Hospital and the Framingham, MA, Wayside Youth and Family Support Network in 2014 in protest about the way a suspected child abuse case was handled.

A teenager named Justina Pelletier was admitted to Boston Children’s Hospital in 2013 after a doctor at Tufts Medical Center made a recommendation to transfer her so she could see her long-time gastroenterologist. Justina had been diagnosed with mitochondrial disease; but according to Boston Children’s Hospital, her condition was psychological and not physical.

The parents of Justina wanted their daughter to be transferred to Tufts Medical Center but Boston Children’s hospital believed the parents’ actions and interference constituted medical abuse. In the following child custody case, the parents lost custody of their daughter to the state of Massachusetts. For the following 16 months, Justina was placed in state custody.

In response to the incident, Gottesfeld conducted a DDoS attack on Wayside Youth and Family Support Network in March 2014. This is where Justina resided after being discharged from hospital. Gottesfeld also attacked Boston Children’s Hospital in April 2014. The attack resulted in substantial disruption to the hospital’s day-to-day operations for two weeks.

Prosecutors assert the attacks did not just disrupt patient services at Boston Children’s Hospital, but also affected its research activities, interrupted communications with other healthcare services, and resulted in a $300,000 loss of donations because its fundraising website was taken out of action. The Wayside Youth and Family Support Network spent approximately $18,000 on its response to the DDoS attacks.

HIPAA
Compliance
Checklist

Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

Gottesfeld was suspected of the DDoS attacks and was served a warrant of arrest in October 2014 by the FBI, which seized his PC and hard drives. He was not charged at that time and Gottesfeld fled the country with his wife in February 2016, despite the pending charges. The couple got themselves into trouble while in a small boat somewhere off Cuba’s coast. A passing Disney cruise ship picked them up after picking up their distress signal. The FBI arrested Gottesfeld when the ship reached port in Miami.

Gottesfeld was charged in August 2018 with two counts of causing damage to protected computers and two counts of conspiracy. Gottesfeld said he did not regret what he had done. According to Assistant U.S. Attorney David D’Addio, the attacks endangered children’s lives and Gottesfeld would most likely commit other attacks if released from jail in the future. Gottesfeld plans to launch an appeal against the sentence.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/