Chief Operating Officer of Network Security Company Charged with Cyberattack on Medical Center
Note: It seems possible that the incident described in DOJ’s press release below is the incident reported by Salted Hash and DataBreaches.net in 2018. According to Singla’s LinkedIn account, he was COO at Securolytics in Atlanta at the time of the Gwinnett breach.
A Georgia man was arraigned today on charges arising out of a cyberattack conducted on Gwinnett Medical Center in 2018.
According to the indictment, Vikas Singla, 45, of Marietta, the chief operating officer of a metro-Atlanta network security company that served the health care industry, allegedly conducted a cyberattack on Gwinnett Medical Center that involved (i) disrupting phone service, (ii) obtaining information from a digitizing device, and (iii) disrupting network printer service. The indictment further alleges that the cyberattack was conducted, in part, for financial gain.
“Criminal disruptions of hospital computer networks can have tragic consequences,” said Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department’s Criminal Division. “The department is committed to holding accountable those who endanger the lives of patients by damaging computers that are essential in the operation of our health care system.”
“Cyberattacks that target important infrastructure, like health care, pose a serious threat to public health and safety,” said Acting U.S. Attorney Kurt R. Erskine for the Northern District of Georgia. “In this case, Singla allegedly compromised Gwinnett Medical Center’s operations in part for his own personal gain.”
“This cyberattack on a hospital not only could have had disastrous consequences, but patients’ personal information was also compromised,” said Special Agent in Charge Chris Hacker of the FBI’s Atlanta Field Office. “The FBI and our law enforcement partners are determined to hold accountable, those who allegedly put people’s health and safety at risk while driven by greed.”
Singla was indicted by a federal grand jury Tuesday and made his initial court appearance today before U.S. Magistrate Judge Linda T. Walker of the U.S. District Court for the Northern District of Georgia. The defendant is charged with 17 counts of intentional damage to a protected computer, each of which carries a maximum penalty of 10 years’ imprisonment, and one count of obtaining information by computer from a protected computer, which carries a maximum penalty of five years’ imprisonment. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.
The FBI is investigating this case.
Trial Attorney Brian Mund of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Samir Kaushal for the Northern District of Georgia and are prosecuting the case.
An indictment is merely an allegation and all defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
Source: Department of Justice