A 45-year-old Chief Operating Officer of a network security company in Atlanta, Georgia was indicted this week for launching a cyber attack on Gwinnett Medical Center, a not-for-profit healthcare network that runs two hospitals in the state of Georgia.
Vikas Singla, the indicted cyber security professional, is the Chief Operating Officer of Securolytics, a network security firm based in the Atlanta Metropolitan area. Raised in 2016 by Singla and co-founder and CEO Sanket P., the company provides real-time cyber security for connected medical and infrastructure Internet-of-Things (IoT) devices to enterprises.
According to the indictment papers, on September 27, 2018, Singla launched a cyber attack targeting Gwinnett Medical Center with the aim of disrupting phone services, network printer services, and obtaining information from a digitizing device for financial gain.
The list of devices targeted by Singla included a Hologic R2 Digitizer, 17 printers supplied by Lexmark, and a computer used by the healthcare network to operate the printers. The indictment documents also mentioned that Singla was aided and abetted by unknown persons in the course of carrying out the cyber attack.
Chris Hacker, Special Agent in Charge of the FBI’s Atlanta Field Office, said that the cyber attack could not only have disastrous consequences, but patients’ personal information was also compromised. “The FBI and our law enforcement partners are determined to hold accountable, those who allegedly put people’s health and safety at risk while driven by greed.”
It is, however, not clear what kind of malware Singla used to target phones, printers, and computers owned by Gwinnett Medical Center or how the cyber attack could enable him to earn money. Nevertheless, any form of cyber attack on a healthcare provider could result in serious consequences, including the inability of hospitals to provide urgent medical care to patients.
Criminal disruptions of hospital computer networks can have tragic consequences. The department is committed to holding accountable those who endanger the lives of patients by damaging computers that are essential in the operation of our health care system,” said Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department’s Criminal Division.
If found guilty on all charges, Singla could potentially face a maximum of ten years in prison for each count of intentional damage to a protected computer, and a maximum of five years in prison for stealing data from a protected computer.
The cyber attack conducted by Singla was first discovered by Salted Hash in late September 2018, soon after which IT staff at Gwinnett Medical Center were made aware of a data breach that involved the theft of data of several hundred patients.
Soon after the theft took place, the hackers started making threats to the healthcare provider and started leaking patient records online. The leaked records, according to Salted Hash, included patients’ full names, dates of birth, and gender.
“GMC takes cyber security very seriously and we are committed to maintaining the integrity, availability and confidentiality of our systems and data. That starts with identifying threats and conducting audits and it includes the processes, procedures, and safeguards that we have in place to protect our systems,” a spokesperson from Gwinnett Medical Center told Salted Hash.