COO Charged in Georgia Hospital Cyber-attack

The chief operating officer of an IoT security company has been indicted by a federal grand jury over a cyber-attack carried out on a hospital in Georgia. 

Vikas Singla, of Marietta, Georgia, was arraigned on Thursday for his alleged role in the 2018 attack on Gwinnett Medical Center that exposed patients' personal data. 

The center, which is now known as Northside Hospital, was a not-for-profit health care network that provided health care services at two hospitals located in Georgia; one was in Duluth and the other in Lawrenceville. 

Singla was the COO and co-founder of Atlanta-based startup Securolytics, which served the health care industry with a cloud-based threat detection and analytics platform that was purpose-built for IoT.

According to the indictment, 45-year-old Singla took part in an attack that disrupted Gwinnett's phone service and network printer service. He is further accused of obtaining information from a digitizing device. 

Prosecutors said that the attack allegedly perpetrated by the Marietta resident was motivated in part by financial gain. 

“This cyber-attack on a hospital not only could have had disastrous consequences, but patients' personal information was also compromised,” said Special Agent in Charge Chris Hacker of the FBI’s Atlanta Field Office. 

“The FBI and our law enforcement partners are determined to hold accountable those who allegedly put people’s health and safety at risk while driven by greed.”

It is alleged that on or about September 27, 2018, Singla, "aided and abetted by others unknown to the grand jury," attacked one or more computers used by Gwinnett Medical Center that operated the Ascom phone system of the Duluth hospital. 

Singla is further accused of attacking one or more computers used by the Duluth and Lawrenceville hospitals that operated 17 different Lexmark printers. 

He is further accused of accessing without authorization a Hologic R2 Digitizer used by the Center in the Lawrenceville hospital.

Singla is charged with 17 counts of intentional damage to a protected computer and one count of obtaining information by computer from a protected computer.

The Department of Justice said that the attack on Gwinnett Medical Center is still being investigated by the FBI. 

What’s Hot on Infosecurity Magazine?