Cybersecurity firm executive pleads guilty to hacking hospitals

The former chief operating officer of a cybersecurity company has pleaded guilty to hacking two hospitals, part of the Gwinnett Medical Center (GMC), in June 2021 to boost his company's business.

Vikas Singla, who worked for Securolytics, a network security company that provided services to the healthcare industry, pleaded guilty to hacking into the systems of GMC Northside Hospital hospitals in Duluth and Lawrenceville, as prosecutors said in a June 2021 indictment.

During his attack on September 27, 2018, he disrupted the health provider's phone and network printer services, and he stole the personal information of more than 200 patients from a Hologic R2 Digitizer digitizing device connected to a mammogram machine on GMC's Lawrenceville hospital.

On the same day, Singla used over 200 printers in the GMC hospital in Duluth to print stolen patient information and "WE OWN YOU" messages.

"The Defendant attempts to create and use publicity about the attack, including by causing the publication of information obtained without authorizations from the Digitiaze, to generate business for Securolytics," the guilty plea reads.

Singla "promoted" the GMC hack on Twitter, tweeting the names, dates of birth, and sexes of 43 patients whose data had been stolen in the breach. Securolytics also reached out potential clients after Singla's attack, highlighting the GMC incident in the emails.

Prosecutors ask for 57 months of probation

"This cyberattack on a hospital not only could have had disastrous consequences, but patient's personal information was also compromised," said Chris Hacker, Special Agent in Charge of FBI Atlanta.

"The FBI and our law enforcement partners are determined to hold accountable, those who allegedly put peoples health and safety at risk while driven by greed."

Singla was charged with 17 counts of intentional damage to a protected computer and one count of obtaining information from a protected computer. Prosecutors say that the defendant's attack on GMC's ASCOM phone system, printers, and digitizer resulted in more than $817,000 in financial losses.

He has now agreed to pay over $817,000 plus interest in restitution to the Northside Hospital Gwinnett in Lawrenceville and the Ace American Insurance Company as part of the plea deal.

The prosecutors will recommend a sentence of 57 months probation, including home detention, based on Singla being diagnosed with "a rare and incurable form of cancer" and "a potentially dangerous vascular condition," which warrant "home detention as an alternative to incarceration" so that the defendant can receive appropriate medical care.

The judge can impose a maximum term of imprisonment of 10 years during the sentencing hearing scheduled for February 15, 2024.