My Boss Fired Me After I Found He Was Mining Crypto On Hospital Servers; Then On Tuesday Lunch…
The Federal Investigation and Evidence of Risk
He thought firing me would make the problem disappear. He thought that removing the person who’d discovered his operation would somehow erase the evidence.
But I’d already backed up everything. I had full documentation stored in multiple locations.
I had timestamps proving when the mining activities occurred. I had transaction records showing where the profits went.
I had correlation data demonstrating the impact on hospital systems during surgical procedures. He’d gotten rid of the witness but not the testimony.
I started my truck and drove home. I spent the afternoon organizing the evidence into a comprehensive report.
I laid out IP addresses, wallet transactions, and system performance logs. Everything was in chronological order with clear documentation of the patients’ safety implications.
Then I made a phone call. The Minnesota Department of Health has a fraud reporting hotline.
It takes about 10 minutes to file a formal complaint if you have proper documentation.
They ask detailed questions about the mining operation and the timing during surgical procedures. They ask about the potential impact on patient care.
“We’ll need to forward this to the medical board,” the investigator said, “and probably the Office of the Inspector General.”
“This involves potential violations of federal healthcare regulations.” “I understand,” I replied.
“Are you willing to provide testimony if needed?” “Yes.”
I hung up and made dinner. I watched the news and went to bed early.
Dr. Rousell thought he’d solved his problem by eliminating me. He was about to discover he’d only made it bigger.
The investigation started Tuesday morning. I was having coffee at home when my phone rang.
It was an unknown number with a Minnesota area code.
“Mr. Belden, this is Special Agent Patricia Walsh with the Office of Inspector General.”
“We’ve reviewed your complaint regarding cryptocurrency mining at St. Alder Regional Medical Center. Can you meet with our forensic team this afternoon?”
“Yes.”
“We’ll need access to your documentation. We’ll want you present when we examine the hospital servers.”
2 hours later, I was walking back into St. Alder with three federal investigators and a forensic computer specialist.
The look on Dr. Rousell’s face when he saw me in the lobby was worth the entire ordeal.
“What’s the meaning of this?” he demanded, approaching our group.
“Dr. Rousell,” Agent Walsh showed her credentials.
“We’re here regarding allegations of unauthorized system usage affecting patient care operations. We’ll need access to your server room.”
“This is ridiculous,” he said. “Mr. Belden was terminated for security violations. He’s not authorized to be in this building.”
“He’s here as a witness in a federal investigation,” she replied.
The hospital administrator appeared, looking confused and concerned. Within minutes we had full access to the IT infrastructure.
What the forensic specialist found exceeded even my documentation. The mining operation was more extensive than I’d realized.
There were multiple cryptocurrency wallets and transactions dating back 4 months. Estimated profits exceeded $60,000.
All of this happened while diverting processing power from critical medical systems.
But the real revelation came when they traced the network activity during specific surgical procedures.
“Look at this,” the specialist said, pointing to her laptop screen.
“On March 15th, during a 6-hour cardiac surgery, mining activity spiked to maximum capacity.”
“The patient monitoring system experienced a 12-second delay in data processing.”
A 12 seconds doesn’t sound like much.
But when someone’s heart stops during surgery, 12 seconds can mean permanent brain damage or death.
Agent Walsh turned to Dr. Rousell.
“Were you aware that your mining operation was impacting life critical systems during active surgical procedures?”
“There’s no evidence of patient harm,” he said quickly.
“That’s not what I asked.”
The hospital administrator stepped forward. “Dr. Rousell, is this true? Have you been running unauthorized software on our medical systems?”
“This is a misunderstanding. I was testing innovative revenue streams to help offset hospital operating costs.”
“The mining activity was carefully scheduled to minimize any impact during surgeries.”
Agent Walsh’s voice was flat. “The calculations showed negligible risk.”
That’s when I understood the full scope of what he’d done.
This wasn’t just theft or unauthorized system usage. Dr dr Rousell had knowingly compromised patient safety for personal profit.
Then he calculated the risks and decided they were acceptable.
The investigation team spent 6 hours documenting everything. They gathered server logs, financial records, and correspondence between Dr. Rousell and the cryptocurrency exchanges.
They found emails where he’d researched mining profitability and compared it to potential system performance impacts.
One message to a tech consultant was particularly damning.
“Need to optimize mining efficiency during peak hospital hours. Can we increase GPU utilization without triggering monitoring alerts?”
Another email discussed acceptable latency thresholds for medical equipment.
It asked whether brief delays in patient monitoring would be noticed by surgical staff.
He’d researched the risks and calculated the probabilities.
He decided that potential patient harm was an acceptable cost for his cryptocurrency profits.
By evening, Dr. Rousell had requested legal representation. The hospital administrator called an emergency board meeting.
Agent Walsh asked if I’d be available for additional testimony as the investigation expanded.
“This is just the beginning,” she said.
“We need to determine if any patients were actually harmed by the system delays. That could turn this into criminal charges.”
I drove home that night knowing Dr. Rousell’s carefully constructed plan was unraveling.
He tried to eliminate the problem by firing me.
But federal investigators don’t care about employment disputes; they care about evidence.
Now he was facing something much bigger than a personnel issue.
The medical board review began the following week. Dr. Margaret Hayes, the lead investigator, was a surgeon with 30 years of experience.
She had zero tolerance for anything that compromised patient safety.
She’d reviewed cases involving medical malpractice, equipment failures, and administrative negligence. She’d never seen anything like Dr. Rousell’s operation.
“In my professional opinion,” she said during the formal hearing, “Knowingly diverting computational resources from life critical systems represents gross negligence and willful endangerment of patients.”
The board had subpoenaed records from the past 6 months. What they found painted a disturbing picture of systematic deception.
Dr. Rousell hadn’t just been mining cryptocurrency. He’d been actively concealing the impact on hospital operations.
Medical equipment performance reports had been altered. System maintenance logs showed suspicious deletions.
Several instances of surgical equipment malfunctions had been attributed to routine technical issues.
They were actually caused by resource conflicts with mining software.
The most damaging revelation came from the surgical records review.
On April 3rd, during an emergency appendectomy, the patient monitoring system had experienced a 47-second delay in displaying vital signs.
The surgical team had noticed the anomaly but assumed it was equipment lag.
The patient survived, but the delay had prevented early detection of blood pressure fluctuations that required immediate intervention.
On April 22nd, an anesthesia monitoring system had frozen for 18 seconds during a routine gallbladder removal.
Again the surgical team compensated, but the incident created unnecessary risk and stress during the procedure.
On May 7th, the most serious incident occurred during a complex brain surgery.
Imaging systems had experienced processing delays that forced the surgical team to pause the operation for 3 minutes while equipment recalibrated.
3 minutes of uncertainty during brain surgery because Dr. Rousell wanted to mine Bitcoin.
The board also discovered financial irregularities beyond the cryptocurrency operation.
Dr. Rousell had been billing the hospital for system optimization consulting while actually installing mining software.
He’d submitted purchase orders for high performance graphics cards, claiming they were needed for medical imaging enhancements.
The cards had been diverted to cryptocurrency mining.
He’d also created fake vendor invoices for security software that was actually mining pool access fees.
The total theft exceeded $120,000 in equipment and billing fraud plus the cryptocurrency profits.
But the board was most concerned about the pattern of deception.
“This wasn’t opportunistic misconduct,” Dr. Hayes explained.
“Dr. Rousell systematically concealed his activities while knowingly creating risks to patient safety.”
“He falsified maintenance reports, deleted system logs, and misrepresented equipment malfunctions to avoid detection.”
The investigation also revealed that Dr. Rousell had been researching similar operations at other hospitals.
Email records showed correspondence with cryptocurrency mining forums.
He’d discussed hospital server mining opportunities and shared strategies for avoiding detection by IT security teams.
He’d planned to expand the operation to other medical facilities if St. Alder proved successful.
