Cybersec executive caught hacking hospitals to boost business


The former chief operating officer (COO) of a cybersecurity company admitted to hacking two US hospitals to generate business for the security firm he was working at.

Vikas Singla, a former COO at network security firm Securolytics, pleaded guilty to hacking the systems of two Georgia-based hospitals belonging to the Gwinnett Medical Center (GMC).

According to the plea agreement, the defendant’s actions resulted in a financial loss worth over $817K for GMC, with Singla disrupting the hospital’s printers, phone systems, and Digitizer.

On September 27th, 2018, Singla disabled several hundred ASCOM phones used by the hospital staff, severely impacting the hospital’s work. On the same day, the former COO also took several hundred patient names, dates of birth, and other data that was attached to a mammography machine.

Later the same day, Singla hijacked 200 printers in both hospitals and started printing the stolen patient names, followed by a “WE OWN YOU” message.

“The Defendant attempted to create and use publicity about the attack, including causing the publication of information obtained without authorization from the Digitizer, to generate business for Securolytics,” reads the plea agreement.

A few days later, Singla set up a Twitter account to post dozens of messages, claiming that GMC was hacked. To prove his point, the former COO shared stolen patient details. Once the attack was complete, Securolytics emailed potential clients, using the GMC hack as an example.

Singla has agreed to pay over $817,000 in damages he caused to impacted hospitals. While he could face up to ten years in prison, the prosecution will recommend sentencing him to 57 months of home detention due to his diagnosis with an incurable form of cancer.