Inside Job: Cyber Exec Admits to Hospital Hacks

Healthcare cyber services executive Vikas Singla admits to hobbling hospital operations, then using the incidents to try and gin up extra business.

A stethoscope on a keyboard
Source: Oleckii Mach via Alamy Stock Photo

A deeply misguided former executive with a healthcare network security firm has pled guilty to intentionally compromising a Georgia hospital network as a sales strategy.

It didn't work.

A US District Court in Georgia released the filing from the Nov. 16 court proceeding detailing the guilty plea from Vikas Singla, who accepted full responsibility for the cyberattacks against two Gwinnett Medical Center locations in Duluth and Lawrenceville, Georgia.

In September 2018, Singla gained unauthorized access to the GMC phone system and made changes to its operating system, taking down the entire phone system, including those used to make emergency calls inside the hospitals. The filing said more than 200 phones were out of commission as a result of Singla's actions.

Singla admits he also accessed sensitive information on more than 300 patients.

To add a cruel element of fear, Singla also sent a command resulting in more than 200 printers on the GMC network to print the message, "WE OWN YOU."

Following the attack, Singla tried to generate publicity for the compromise through a Twitter account. And in the filing he admitted to soliciting potential clients for security services by citing the GMC breach.

Singla will likely avoid jail time due to a medical issue and his willingness to admit responsibility, according to the DOJ. The guilty plea also includes deportation and restitution payments totaling more than $800,000.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights