On June 10, the Department of Justice announced the arrest of the chief operating officer of a network security company in Atlanta. The charges relate to a cyberattack that occurred in 2018 on the Georgia health system.
Vikas Singla, whose LinkedIn lists him as working for the cloud-based threat detection platform Securolytics, was accused of targeting Gwinnett Medical Center in part for financial gain.
“This cyberattack on a hospital not only could have had disastrous consequences, but patients’ personal information was also compromised,” said Special Agent in Charge Chris Hacker of the FBI’s Atlanta field office, in a statement.
Hacker stated, “The FBI is determined to hold accountable all those who allegedly put people’s health and safety at stake while being driven greedily by law enforcement partners.”
WHY IT IS IMPORTANT
According to court documents Singla has been accused of trying disrupt Gwinnett Medical Center’s network printer and phone service. After a merger in 2019, Northside Hospital is now known as Singla.
He was also accused of intentionally trying to obtain information from a computer protected: the Hologic R2 Digitalizer.
Hologic’s R2 technology, which is often used in conjunction with mammography, is frequently used by Hologic.
The indictment states that the offense was committed to “purposes commercial advantage or private financial gain.”
If the court documents are completed, they will state that the incident led to the impairment or carelessness of at least one person.
Singla was charged with 17 counts relating to intentional damage of a protected system, each carrying a maximum penalty ranging from 10 years to ten years in prison, and one count relating to obtaining information by computer using a protected system, which carries maximum penalties of five years’ imprisonment.
“Cyberattacks on critical infrastructure, such health care, pose serious threats to public health safety and security,” stated Kurt R. Erskine of the U.S. District of Georgia in a release.
Erskine said that Singla had allegedly compromised Gwinnett’s Medical Center’s operations to his personal gain in this instance.
Securolytics currently does not list Gwinnett nor Northside. Securolytics was unable to return comment requests.
THE LARGER TREND
At a moment when many high-profile hacker attacks have been linked with powerful nation-states, or shadowy multilateral groups, it is vital to remember that security and privacy threats can also come from within our own borders.
A data breach in recent times could have exposed the contact-tracing information for approximately 72,000 Pennsylvanians. It was linked to employees at a third-party vendor, who were accused in violation of security protocols.
“Criminal disruptions of hospital IT networks can have tragic outcomes,” said Nicholas L. McQuaid (Acting Assistant Attorney General), in a statement. “The department is committed in holding those who threaten the lives of patients through the destruction of computers that are vital to the operation of our healthcare systems accountable.”
Kat Jercich, senior editor at Healthcare IT News.
Healthcare IT News, a HIMSS media publication.