I would understand a disgruntled employee to harm a company (even public), but with an action that could kill hundreds of people? that would not be disgruntling. That would be psychopathic. Also, I don't think that a person smart enough to pull that off (even if rudimentary) would not know the consequences and most likely that he would get caught. Hard to believe that is an ex-employee IMO
Or maybe a Q nutjob working there and taking back the country
whilst obviously possible to do, someone had to be added to the authorised list of remote accesses to do what was done. It wasn't simply a remote in from home thing, the receptionist isn't going to have network privileges to change chemical controls.
The best initial guess would be employee, simply because the steps for others to get access to the network and also get added to an authorisation list means careful planning over a long period of time. Possible, but more evidence is needed.
Furthermore, state actors don't usually just go for the "poison everyone now we have hacked in", they feck with systems and basically troll controllers. This incident was pretty much:
1. have network accesses for chemical control systems
2. Change a specific value in a system to a dangerous level.