Former infosec COO pleads guilty to attacking hospitals to drum up business

An Atlanta tech company's former COO has pleaded guilty to a 2018 incident in which he deliberately launched online attacks on two hospitals, later citing the incidents in sales pitches.

Under a plea deal he signed last week, Vikas Singla, a former business leader at network security vendor Securolytics – a provider to healthcare institutions, among others – admitted that in September 2018 he rendered the Ascom phone system of Gwinnett Medical Center inoperable.

Gwinnett Medical Center operates hospitals in Duluth and Lawrenceville, and the deliberate disruption of the Ascom phone system meant the main communication line between doctors and nurses was unavailable to them.

More than 200 phones were taken offline, which were used for internal communications, including "code blue" incidents that generally relate to cardiac or respiratory emergencies.

Singla also gained access to Gwinnett Medical Center's VPN, which in turn afforded him access to a Hologic R2 Digitizer, a device connected to mammogram machines. The device also stored the personal data of patients, including names, dates of birth, and sex.

For more than 300 patients, this data was stolen by Singla and added to a document called "Baidu.txt." Singla later executed a print job on more than 200 printers across the two hospitals' campuses, containing all the stolen data, along with the words "WE OWN YOU."

The plea deal [PDF] stated that this could have caused "fear among medical staff and impair the provision of hospital services."

Singla then took to a now-closed Twitter/X account to post 43 tweets, publicizing the incident, with each of the 43 messages containing some stolen personal information from the mammogram's digitizer.

After all of the events had transpired, Securolytics began emailing potential clients regarding new business opportunities, citing the publicized attacks.

Neither Securolytics nor Northside Hospital, Gwinnett Medical Center's new name, responded to The Register's request for comment.

"Criminal disruptions of hospital computer networks can have adverse consequences," said acting assistant attorney general Nicholas L. McQuaid of the Justice Department's criminal division, at the time of Singla's 2021 indictment.

"The department is committed to holding accountable those who endanger the lives of patients by damaging computers that are essential in the operation of our healthcare system."

"This cyberattack on a hospital not only could have had adverse consequences, but patients' personal information was also compromised," said aptly named Chris Hacker, special agent in charge of FBI Atlanta.

"The FBI and our law enforcement partners are determined to hold accountable those who allegedly put people's health and safety at risk while driven by greed."

Guilty plea, but (maybe) no prison…

Pleading guilty to one count of intentional damage to a protected computer, Singla faces a maximum prison term of 10 years, though he may not ever see the inside of a cell.

The court was recommended to instead sentence Singla to 57 months of home detention due to his suffering an "extraordinary" rare and incurable form of cancer. Any delay to his surgery, should the cancer recur, may render his condition inoperable, according to the plea agreement.

The decision to recommend the alternative to incarceration was also influenced by a "dangerous" vascular condition, from which Singla also suffers.

He will have to pay $817,804.12 in restitution to Northside Hospital and Ace American Insurance Company for the damages incurred by the attack, plus any applicable interest that accrues by the time he's sentenced on February 15, 2024. ®