IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Cybersecurity Exec Sentenced in Medical Center Hacking

An Atlanta cybersecurity executive who hacked the Gwinnett Medical Center’s computer system in an alleged attempt to boost business for his company has been sentenced to two years of home detention.

Digital illustration of a yellow lock in a circle surrounded by yellow lines and arrows.
(TNS) — An Atlanta cybersecurity executive who hacked the Gwinnett Medical Center’s computer system in an alleged attempt to boost business for his cash-strapped company has been sentenced to two years of home detention after paying more than $800,000 in restitution.

Vikas Singla, 48, was sentenced by a federal judge in Atlanta on Monday, having pleaded guilty in November to a single count under the federal Computer Fraud and Abuse Act. Singla’s attorneys, David Chaiken and Kamal Ghali, said in a court filing that he is deeply remorseful for his “extremely reckless and potentially dangerous” actions.

“It is worth noting that there does not appear to be any evidence that any patient was harmed or that any patient’s care was delayed or adversely impacted by the offense,” the filing states.

Prosecutors said Singla, the chief operating officer at network security company Securolytics, shut down more than 200 phones in Gwinnett Medical’s Duluth hospital and hacked more than 200 printers at its Duluth and Lawrenceville hospitals in September 2018. They said he also stole the personal information of more than 300 patients and published some of it through social media.

Singla also caused more than 200,000 emails to be sent through Gwinnett Medical’s network, prosecutors said. They said it took five days to restore the phone system, which staff used to communicate life-threatening medical emergencies.

Days after the hack, Singla attempted to alert news organizations, claiming that Gwinnett Medical was trying to cover it up, prosecutors said. They said he then used news reports about the incident in marketing emails to potential customers of Securolytics, which offers security services to health care institutions.

“Singla’s actions, if taken by anyone, would reflect a stunning indifference to how the criminal conduct affected innocent third parties,” prosecutors said in a court filing. “That Singla is a cybersecurity expert operating in the health care space and knew full well the danger to patients and damage to GMC that he was causing makes his criminal acts even more shocking.”

Prosecutors recommended home detention, acknowledging Singla’s diagnosis of a rare and aggressive form of cancer. Under federal sentencing guidelines, Singla faced more than four years in prison.

Singla, who has no criminal history, has paid $817,804 in restitution to Gwinnett Medical’s successor, Northside Hospital, and its insurer, his attorneys said. They told The Atlanta Journal-Constitution that there was no evidence that Singla received any tangible benefit from the hack.

Chaiken and Ghali said home detention was fair considering Singla’s unusual medical issues, acceptance of responsibility, charitable work and otherwise law-abiding life, coupled with the fact that no patients were harmed and no property or equipment was permanently damaged.

Prosecutors said Securolytics was struggling financially in the months before Singla’s cybersecurity attack, unable to pay staff wages and invoices.

Singla hacked the hospital phone system about 1:30 a.m. on Sept. 27, 2018, prosecutors said. They said Gwinnett Medical manually reprogrammed each disabled handset, but the phones were again shut down around 9 a.m. that day. The problem wasn’t fully resolved until Oct. 2.

About three hours after Singla’s initial attack on the phone system, he caused more than 200 printers, including those in emergency departments, to print out the personal information of hospital patients under the message “WE OWN YOU!!!,” prosecutors said. They said Singla used patient data he had stolen from a password-protected device connected to a mammogram machine at the Lawrenceville hospital.

The unsolicited emails were sent on Oct. 1, including about 97,000 to addresses associated with Gwinnett Medical and more than 300 addresses controlled by its chief financial officer, prosecutors said.

On Oct. 2, Singla published 43 Twitter messages containing patient data and warning of the hack, prosecutors said. They said the messages included alerts to news organizations including the Gwinnett Daily Post and Atlanta Business Chronicle, and that the following day Singla published images from Gwinnett Medical cameras showing hospital facilities.

Singla’s attorneys said he is a loving and devoted husband and father who has spent a lot of time coaching youth sports, volunteering for nonprofits and mentoring and helping others. He was indicted on 18 charges in June 2021.

© 2024 The Atlanta Journal-Constitution. Distributed by Tribune Content Agency, LLC.