OAKLAND — A U.S. District judge sentenced a Dublin resident to 18 months in federal prison Thursday, after he pleaded guilty to damaging computers belonging to his former East Bay employer, authorities said.
Vamsikrishna Naganathanahalli entered his plea on Aug. 15, 2024, to three counts of knowingly causing damage without authorization to a protected computer, according to a statement from Ismail Ramsey, the U.S. Attorney for the Northern District of California.
According to the plea, Naganathanahalli knowingly caused the transmission of a program, information, code or command that caused that damage, Ramsey said. He added that Judge Yvonne Gonzalez Rogers also fined Naganathanahalli $400,930 in restitution.
Ramsey said Naganathanahalli worked for MedAmerica, Inc., part of the Vituity group of companies, from October 2018 to June 2022. Vituity is based in Emeryville and included physician partners and other professional healthcare employees who worked as contractors in hospital emergency rooms, outpatient, telehealth and other clinics. Vituity also employed non-clinical healthcare personnel who worked with healthcare providers in various facilities, Ramsey said.
To organize their human resource data for approximately 7,000 employees, the company used the Oracle Human Capital Management platform. Ramsey said that platform contained records for current and past Vituity employees, information that included social security numbers, salaries and addresses.
According to Ramsey, Naganathanahalli — a senior HCM architect at Vituity — admitted in his plea that he used his access to a privileged HCM service account to change the password for another employee’s privileged HCM account without authorization on May 28, 2022. A day earlier, Vituity had notified Naganathanahalli that they were ending his employment.
Ramsey said Naganathanahalli admitted in his plea that he did the same thing again on Sept. 6, 2022, to change a contractor’s password and load “dummy” or “masked” data into that account, replacing the real data. That action happened after Naganathanahalli’s employment ended.
Naganathanahalli admitted that the masked data overwrote the real date of Vituity’s HCM live production environment for approximately 90% of the company’s employees, Ramsey said. That caused the loss of $400,930 for the company.
He is scheduled to begin serving his sentence on July 20.