Cybersecurity firm executive pleads guilty to hacking hospital to boost business

A former top executive of a cybersecurity company has admitted to hacking two hospitals in Duluth and Lawrenceville in June 2021 in a bid to get more business for his company.

Vikas Singla worked as the COO at Securolytics, a cybersecurity provider specializing in the healthcare industry. According to prosecutors, Singla confessed to illegally accessing the computer systems of two Gwinnett Medical Center hospitals. 

Specifically, on the September 27, 2018, attack, Singla disrupted phone and printing services and stole patient data from a machine related to mammograms.

That same day, Singla used hundreds of printers in a Duluth hospital to print stolen patient information and threatening "We Own You" messages. He did this to promote publicity about the attack and attract business for Securolytics. 

According to the guilty plea, Singla even tweeted stolen patient names and birth dates from the breach. Securolytics then contacted potential clients, highlighting the hospital incident.

FBI Atlanta says that “...our law enforcement partners are determined to hold accountable those who allegedly put people's health and safety at risk while driven by greed."

Singla admitted to the charges, including damage to protected computers and obtaining unauthorized information. His attack caused over $817,000 in losses to the hospital.

As part of a plea deal, Singla will pay back $817,000 to the hospital and insurance company. Prosecutors also recommend 57 months of probation and home detention instead of jail time. This is because Singla has serious medical issues that require treatment. 

However, the judge is at liberty to sentence Singla to a maximum prison term of 10 years in a February 15, 2024 sentence hearing.