My Boss Fired Me After I Found He Was Mining Crypto On Hospital Servers; Then On Tuesday Lunch…
The Discovery and the Dismissal
“You’re running Bitcoin mining during heart surgery,” I said it quiet, matter-of-fact, like I was telling Dr. Colin Rousell his coffee was cold.
My name’s Travis Belden. I’m 34, been the systems administrator at St. Alder Regional Medical Center in St. Paul, Minnesota, for 3 years.
I handle server uptime, database maintenance, and security patches. This is the kind of work that keeps life support machines running and patient records accessible when surgeons need them at 3:00 a.m.
I take it seriously because people die when systems fail. That Tuesday morning I’d been tracking unusual GPU spikes on our main server cluster.
There were strange patterns during off-peak hours right when the operating rooms were busiest. Processing power was getting diverted from critical functions.
This is the kind of thing that makes ventilators lag or causes patient monitoring systems to freeze. So I dug deeper.
I found unauthorized mining scripts buried in the server logs. There were cryptocurrency wallets and transaction histories.
All of it traced back to one registered address that belonged to Dr. Rousell, our Chief Innovation Officer. He had been hired 6 months ago to modernize hospital operations.
He’d been siphoning computing power from life critical systems to mine digital currency while patients were on operating tables.
When I walked into his office that morning with printouts of the evidence, he didn’t even look surprised.
He just leaned back in his chair and smiled like I was some kid who’d figured out where he hid the cookies.
“Travis,” he said, “you’re too narrow-minded for real tech innovation.” I set the papers on his desk.
“Visionary programmers find creative revenue streams,” he continued. “Hospitals need alternative income sources. This is forward thinking.”
I stared at him. This man was talking about innovation while potentially compromising surgical equipment during operations.
“The servers are running hot,” I said. “Patient monitoring systems are experiencing micro delays.”
“Negligible impact,” he waved his hand. “I’ve run the calculations.”
“You’ve run calculations on acceptable risk to patient safety?”
“You wouldn’t understand the bigger picture,” he replied. That’s when I knew this wasn’t incompetence or oversight.
It was deliberate and calculated. He knew exactly what he was doing and didn’t care about the consequences.
I picked up the papers from his desk. “Understood,” I said.
I walked out of his office and went back to my workstation. I started making copies of everything.
I gathered full audit trails, IP logs, code snippets, and timestamps. I saved wallet addresses, transaction records, and everything that proved what was happening and when.
Something in his voice told me this conversation wasn’t over. He had that quiet confidence of someone who thought he held all the cards.
He was wrong about that. I’d worked in hospital IT for 8 years before St. Alder.
I started at a smaller facility in Duluth and moved down to the Twin Cities when my dad got sick. I wanted to be closer to family while he went through treatments.
Healthcare technology isn’t glamorous work. You’re the guy people call when the pharmacy system crashes or when a doctor can’t access patient charts.
The hours are long and the stress is high, but it matters.
Every system I maintain could mean the difference between life and death for someone’s father, mother, or kid.
That’s what made Dr. Rousell’s attitude so disturbing. He’d been brought in as part of a hospital modernization initiative.
He was young and charismatic, and he talked a good game about digital transformation and revenue optimization. The board loved him.
He had degrees from prestigious schools and experience at tech startups. But from day one, something felt off.
He’d make requests that didn’t make sense, asking for admin access to systems he had no business touching.
He wanted detailed reports on server capacity during peak hours.
When I’d explain security protocols or mention compliance requirements, he’d get this look like I was being deliberately difficult.
“We need to think outside traditional frameworks,” he’d say. “Disrupt legacy thinking.”
The other IT staff started avoiding him. Janet from database management told me he’d asked her to install experimental monitoring software without going through proper channels.
Kevin from network security mentioned strange requests for firewall modifications. But the red flags really started piling up 3 months ago.
Server performance began degrading during surgical hours. It was nothing catastrophic, but it was noticeable.
Response times were slowing down and backup systems were triggering more frequently. These are the kind of problems that shouldn’t happen with our hardware.
I ran diagnostics, updated drivers, and optimized database queries. Nothing explained the pattern.
Then I started noticing the timing. The performance issues correlated with periods when Dr. Rousell was in the building.
These were late nights, weekends, and early mornings. These were times when administrative oversight was minimal.
I mentioned it to my supervisor, but she was dealing with budget cuts and staff shortages. She told me to keep monitoring and document anything unusual.
So I did. I started logging everything: server loads, network traffic, and user access patterns.
I built a comprehensive picture of what was happening to our systems. The mining operation was sophisticated.
It was hidden in legitimate looking processes and scheduled to run during specific windows. It was designed to avoid detection by standard monitoring tools.
Someone had put real thought into this. That’s what bothered me most.
This wasn’t some amateur mistake. Dr. Rousell had planned this carefully, knowing exactly what risks he was creating for patients.
When I finally confronted him, his response confirmed my worst suspicions. He wasn’t just aware of the risks; he’d calculated them and decided they were acceptable.
That’s when I knew this went deeper than just unauthorized server usage.
The termination notice came the next morning. “Effective immediately,” the HR director said, sliding the paperwork across her desk.
The reasons cited were unauthorized access to restricted administrative tools and violation of company policy regarding system security protocols.
I read through the document. Every accusation was technically accurate but completely twisted.
Yes, I’d accessed server logs. Yes, I’d traced network traffic patterns.
Yes, I’d examined user account activities. All these things were literally part of my job description.
“These are routine diagnostic procedures,” I said.
“Dr. Rousell feels you’ve overstepped your authority,” she replied. “He’s recommended immediate termination to protect sensitive hospital operations.”
I sat there for a moment, letting it sink in. The man who’d been illegally mining cryptocurrency on hospital servers was firing me for discovering his operation.
“What about the mining scripts?” I asked.
“I’m not sure what you’re referring to,” she said. She genuinely didn’t know.
Dr. Rousell had spun this as an IT security issue. He painted me as a rogue administrator who’d violated protocol.
It was a clean narrative with no mention of the actual evidence I’d found.
I signed the termination papers without arguing. I handed over my access badge and building keys.
I walked out to my truck and sat in the parking lot for 20 minutes. I was not angry, just thinking.
This wasn’t about my job anymore. Dr. Rousell had made a critical miscalculation.
