HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

IT Security Company COO Charged with Cyberattack on Georgia Medical Center

The Chief Operating Officer of an IT security firm has been charged over a financially motivated cyberattack on Gwinnett Medical Center in Lawrenceville, GA in September 2018.

Vikas Singla, 45, of Marietta, GA is the COO of Securolytics, a network security company in the metro-Atlanta region. On June 8, 2021, Singla was indicted by a federal grand jury for allegedly accessing the systems of the healthcare provider, disrupting its phone and network printer services, and stealing information from a Hologic R2 digitizing device.

According to the Department of Justice, the attack was conducted, in part, for financial gain and commercial advantage. According to court documents at least 10 protected computers were damaged in the attack. It is unclear whether Singla, or his IT company, had any previous business relationship with Gwinnett Medical Center and why the medical center was targeted.

Singla was arraigned in the U.S. District Court for the Northern District of Georgia on June 10, 2021 and was charged with 17 counts of causing intentional damage to a protected computer and one count of obtaining information from a protected computer. Singla faces a maximum sentence of 10 years in jail for each of the intentional damage to a protected computer counts and a maximum jail term of 5 years for the theft of information count.

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Singla is not believed to have acted alone. According to the indictment, Singla was aided and abetted by other individuals, although they have not been named. Singla pleaded not guilty to the charges and has been released on bond. The date for the trial has yet to be set.

“Criminal disruptions of hospital computer networks can have tragic consequences,” said Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department’s Criminal Division. “The department is committed to holding accountable those who endanger the lives of patients by damaging computers that are essential in the operation of our health care system.”

“This cyberattack on a hospital not only could have had disastrous consequences, but patients’ personal information was also compromised,” said Special Agent in Charge Chris Hacker of the FBI’s Atlanta Field Office. “The FBI and our law enforcement partners are determined to hold accountable, those who allegedly put people’s health and safety at risk while driven by greed.”

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.