An Atlanta tech firm’s former COO has pleaded guilty to a 2018 incident in which he intentionally launched online attacks on two hospitals, later citing the incidents in sales pitches.
Under a plea deal he signed last week, Vikas Singla, a former business leader at network security vendor Securolytics – a provider to healthcare institutions, among others – admitted that in September 2018 he rendered the Ascom phone system of Gwinnett Medical Center inoperable.
Gwinnett Medical Center operates hospitals in Duluth and Lawrenceville, and the deliberate disablement of the Ascom phone system meant the main communication line between doctors and nurses was unavailable to them.
More than 200 phones were taken offline. These were used for internal communications, including “code blue” incidents that often relate to cardiac or respiratory emergencies.
Singla also gained access to Gwinnett Medical Center’s VPN, which in turn afforded him access to a Hologic R2 Digitizer, a device connected to mammogram machines. The device also stored the personal data of patients, including names, dates of birth, and sex.
For more than 300 patients, this data was stolen by Singla and added to a document called “Baidu.txt.” Singla later executed a print job on more than 200 printers across the two hospitals’ campuses, revealing all the stolen data, along with the words “WE OWN YOU.”
The plea deal [PDF] stated that this could have caused “concern among medical staff and impair the delivery of hospital services.”
Singla then took to a now-closed Twitter/X account to post 43 tweets publicizing the incident, with each of the 43 messages containing some stolen personal information from the mammogram’s digitizer.
After all of the events had transpired, Securolytics began emailing potential clients regarding new business opportunities, citing the publicized attacks.
Neither Securolytics nor Northside Hospital, Gwinnett Medical Center’s new name, responded to The Register’s request for comment.
“Criminal disruptions of hospital computer networks can have tragic consequences,” said acting assistant attorney general Nicholas L. McQuaid of the Justice Department’s criminal division, at the time of Singla’s 2021 indictment.
“The department is committed to holding accountable those who endanger the lives of patients by damaging computers that are essential in the operation of our healthcare system.”
“This cyberattack on a hospital not only could have had disastrous consequences, but patients’ personal information was also compromised,” said aptly named Chris Hacker, special agent in charge of FBI Atlanta.
“The FBI and our law enforcement partners are determined to hold accountable those who allegedly put people’s health and safety at risk while driven by greed.”
Guilty plea, but (maybe) no jail…
Pleading guilty to one count of intentional damage to a protected computer, Singla faces a maximum prison term of 10 years, though he may not ever see the inside of a cell.
It was recommended that the court instead sentence Singla to 57 months of home detention because he suffers from an “extraordinary” rare and incurable form of cancer. Any delay to his surgery, should the cancer recur, may render his condition inoperable, according to the plea agreement.
The decision to recommend the alternative to incarceration was also influenced by a “harmful” vascular condition, from which Singla also suffers.
He must pay $817,804.12 in restitution to Northside Hospital and Ace American Insurance Company for the damages incurred by the attack, plus any applicable interest that accrues by the time he is sentenced on February 15, 2024. ®