IT Security Company COO Charged with Cyberattack on Georgia Medical Center
The Chief Operating Officer of an IT security firm has been charged over a financially motivated cyberattack on Gwinnett Medical Center in Lawrenceville, GA in September 2018.
Vikas Singla, 45, of Marietta, GA is the COO of Securolytics, a network security company in the metro Atlanta region. On June 8, 2021, Singla was indicted by a federal grand jury for allegedly accessing the systems of the healthcare provider, disrupting its phone and network printer services, and stealing information from a Hologic R2 digitizing device.
According to the Department of Justice, the attack was conducted, in part, for financial gain and commercial advantage. According to court documents at least 10 protected computers were damaged in the attack. It is unclear whether Singla or his IT company had any previous business relationship with Gwinnett Medical Center and why the medical center was targeted.
Singla was arraigned in the U.S. District Court for the Northern District of Georgia on June 10, 2021, and was charged with 17 counts of causing intentional damage to a protected computer and one count of obtaining information from a protected computer. Singla faces a maximum sentence of 10 years in jail for each of the intentional damage to a protected computer counts and a maximum jail term of 5 years for the theft of information count.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Singla is not believed to have acted alone. According to the indictment, Singla was aided and abetted by other individuals, although they have not been named. Singla pleaded not guilty to the charges and has been released on bond. The date for the trial has yet to be set.
“Criminal disruptions of hospital computer networks can have tragic consequences,” said Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department’s Criminal Division. “The department is committed to holding accountable those who endanger the lives of patients by damaging computers that are essential in the operation of our health care system.”
“This cyberattack on a hospital not only could have had disastrous consequences, but patients’ personal information was also compromised,” said Special Agent in Charge Chris Hacker of the FBI’s Atlanta Field Office. “The FBI and our law enforcement partners are determined to hold accountable, those who allegedly put people’s health and safety at risk while driven by greed.”
UPDATE: November, 2023
Vikas Singla’s attorneys negotiated a plea deal under which Singla pled guilty to one count of intentional damage to a protected computer for the attacks on Gwinnett Medical Center in Duluth and Lawrenceville, GA. Singla was facing a jail term of up to 10 years, but under the deal, the Department of Justice will recommend 57 months of probation, including home detention, and Singla has agreed to pay restitution of almost $818,000 to the medical center and its insurance company. Singla is due to be sentenced on February 15, 2024. Further information.
