The chief operating officer (COO) of a US network security firm has pleaded guilty to compromising the IT systems of two hospitals in order to generate business for his company.
Securolytics executive, Vikas Singla, admitted hacking Gwinnett Medical Center (GMC) hospitals in Duluth and Lawrenceville, Georgia, as explained in a 2021 indictment.
The incidents, which took place in September 2018, began when Singla modified the configuration files of GMC Duluth hospital’s ASCOM phone system, rendering over 200 handsets inoperable, the plea agreement revealed.
This disrupted the work of nurses and doctors who use the phones to coordinate “Code Blue” emergencies and other work, the document said.
The same day, Singla managed to steal personal information on over 300 patients from a password-protected Hologic R2 Digitizer, which was connected to a mammogram machine at the Lawrenceville hospital.
He also transmitted commands resulting in over 200 printers at both hospitals printing out the stolen personal information, interspersed with the message: “We Own You.”
On October 2 2018, Singla then took to Twitter, posting 43 messages under an anonymous account claiming the hospitals were hacked, and sharing some of the personal details he’d stolen, according to the court documents.
“After the attacks, Securolytics emailed potential clients offering its services, and noting the recent attack on GMC,” the plea document read.
His attacks are said to have caused over $800,000 in “financial harm” to the hospitals, which Singla will pay back plus interest in restitution.
Although the former COO could have faced a jail term of up to 10 years, prosecutors are recommending 57 months of home detention/probation due to the fact that Singla has been diagnosed with a rare and incurable form of cancer and a “potentially dangerous vascular condition.”