Atlanta man pleads guilty, ordered to pay $818,000 in restitution, potentially avoiding prison
Marianne Kolbasuk McGee (health information security)
November 17, 2023
Vikas Singla was chief operating officer of Atlanta-based cybersecurity firm Securolytics when two local hospitals were hit by a series of cyberattacks in 2018. Singla almost immediately began emailing customers and prospects offering his company’s services and citing the attack as an example of the growing cyberthreats in the region.
But Mr. Singla was the mastermind behind the attacks, and federal prosecutors say they were simply a ploy to boost his company’s performance.
Singla, who was still listed on LinkedIn as Securolytics’ chief operating officer as of Friday, entered a guilty plea Thursday in Georgia federal court to a charge of intentionally causing damage to a computer, for a “series of intrusions” in September 2018 affecting two hospital facilities of Gwinnett Medical Center, in Duluth and Lawrenceville, Georgia. The medical center was later renamed Northside.
Under a plea agreement with the Department of Justice, Singla agreed to pay approximately $818,000 to the medical center and its insurance company for costs related to the incident.
Singla had faced a sentence of up to 10 years in prison, but under the agreement, the Justice Department said it would recommend that the court sentence him to 57 months of probation, including home detention.
The plea agreement said sending Singla to prison would prevent him from receiving the medical care he needs for a “rare and incurable form of cancer” and a “dangerous” vascular disease.
Singla is scheduled to be sentenced on February 15, 2024.
Federal prosecutors in this case indicted Singla in 2021 on 18 counts (see: Security company COO charged in connection with medical center attack).
In March, the federal judge overseeing the case rejected an Atlanta magistrate judge’s recommendation to dismiss criminal charges against Singla (see: Security company COO loses bid to dismiss cyber attack lawsuit).
Hacking details
According to the plea agreement, on September 27, 2018, Singla knowingly sent commands to fraudulently change the configuration template of the ASCOM telephone system located at Gwinnett Medical Center’s Duluth Hospital Campus.
As a result, all ASCOM phones at Duluth Hospital that were connected to the phone system at the time of Singla’s transmission were rendered inoperable, and more than 200 ASCOM handsets were taken offline, court documents state.
These phones were used by Duluth hospital staff, including doctors and nurses, for internal communications, including “code blue” emergencies. Court documents say the ASCOM phones were used to make calls outside the hospital.
On the same day, Singla obtained information including the names, dates of birth and gender of more than 300 patients without permission from a Hologic R2 digitizer connected to a mammography machine on Gwinnett’s Lawrenceville Hospital campus, the documents state.
The digitizer was accessible through Gwinnett’s virtual private network and was password protected. Court documents say Singla did not have permission to access or obtain information on the device.
Also on September 27, 2018, Singla intentionally sent a command that resulted in the printing of a file named Baidu.txt.
As a result, more than 200 printers on Gwinnett’s Duluth Hospital and Lawrenceville Hospital campuses printed patient name, date of birth and gender information obtained without permission from the digitizer, interspersed with the message “WE OWN YOU,” court documents state.
“Defendant intended to have a printing company print the Baidu.txt file, but was aware that he did not have the authority to do so,” the plea agreement states. “The printer was used in connection with patient care and the messages printed on the computer had the potential to cause fear in medical staff and undermine the provision of hospital services.”
A few days later, on October 2, 2018, Singla caused 43 messages to be posted on his Twitter account (@baidu325017231) claiming that Gwinnett had been hacked. Each of the 43 messages contained a patient’s name, date of birth and gender obtained from the digitizer that Singla had hacked, prosecutors said in the plea agreement.
Immediately after the incident, court documents state, Singla “created and attempted to exploit publicity regarding the attack” to generate business for his company, including by sending an email offering the company’s services. The email was sent to Securolytics customers and included references to the recent Gwinnett scandal.
“Defendant’s computer intrusion, which affected Gwinnett’s ASCOM telephone system, printers, and digitizers, including Defendant’s related course of action, resulted in financial damages to the medical center in the amount of $817,804.12,” court documents state.
The medical center did not immediately respond to Information Security Media Group’s request for comment, nor did Securolytics or an attorney representing Singla.
The Justice Department declined ISMG’s request for comment on the plea and for an explanation of Singla’s company’s relationship, if any, to Gwinnett Medical Center at the time of the attack.
Blurred lines
Although the Singla incident appears to be outside the scope of most data breaches involving malicious insiders or external cybercriminals, it highlights important evolving security considerations, some experts say.
“This is a fairly unusual case, but it’s an example of a growing problem across the cybersecurity world. The lines between some good guys and some bad guys are becoming quite blurry,” said privacy attorney Kirk Nahra of the law firm WilmerHale, who is not involved in the Singla case.
“While the idea of ‘security breaches as marketing’ is fairly common, we also see similar problems from security ‘researchers,’ for example, when they are offering assistance but may actually be the cause of the problem,” Nahra said.
This is “just part of the continuing need to constantly evolve our thinking about how we prepare for and respond to cyber breaches,” he added.