Vikas Singla, former COO of Securolytics, Admits to Hacking Two Hospitals to Boost Business.
In a shocking turn of events, a cybersecurity expert has pleaded guilty to hacking two hospitals. The accused, Vikas Singla, was the former Chief Operating Officer of Securolytics, a network security company specializing in the healthcare industry. According to the indictment, Singla hacked into the systems of two hospitals within the Gwinnett Medical Center (GMC) in June 2021, aiming to increase his company's business.
The Attack
Singla's cyberattack, which took place on September 27, 2018, disrupted the health provider's phone and network printer services. He also stole the personal information of over 200 patients from a digitizing device connected to a mammogram machine in GMC's Lawrenceville hospital.
The Message
In an audacious move, Singla used over 200 Duluth printers in the GMC hospital to print stolen patient information and messages stating, “WE OWN YOU.” The guilty plea indicates that Singla sought to generate publicity and business for Securolytics through this attack.
The Promotion
Singla took to Twitter to “promote” the GMC hack, tweeting the names, dates of birth, and sexes of 43 patients whose data had been stolen. His company, Securolytics, also contacted potential clients following the attack, referencing the GMC incident in their emails.
The Charges
The former COO was charged with 17 counts of intentional damage to a protected computer and one count of obtaining information from a protected computer. Prosecutors estimate that Singla's attack resulted in more than $817,000 in financial losses.
The Plea Deal
Singla has agreed to pay over $817,000 plus interest in restitution to the Northside Hospital Gwinnett in Lawrenceville and the Ace American Insurance Company as part of his plea deal. Prosecutors are recommending a sentence of 57 months probation, including home detention, due to Singla's diagnosis of a rare and incurable form of cancer and a potentially dangerous vascular condition.
This case highlights the paradox of a cybersecurity expert turning cybercriminals, exploiting his expertise to hack into the systems he was tasked to protect. As the court date looms, the healthcare industry and cybersecurity firms will be watching closely, as this case underscores the critical importance of trust and integrity in cybersecurity. The sentence, scheduled for February 15, 2024, could carry a maximum term of imprisonment of 10 years, marking a significant chapter in the ongoing battle against cybercrime.
George Smith, with over a decade in tech journalism, excels in breaking down emerging tech trends. His work, spanning tech blogs and print, combines in-depth analysis with clarity, appealing to a wide readership. George's pieces often explore technology's societal impact, showcasing his foresight in industry trends.
