A healthcare cybersecurity official has been accused of carrying out a cyberattack on a nonprofit healthcare network in Georgia in 2018 for personal gain, according to the US Department of Justice (DOJ).
Vikas Singla was indicted by a federal grand jury on June 8 and brought to justice before a federal magistrate in the U.S. District Court for the Northern District of Georgia.
According to the Justice Department’s announcement, he was responsible for a cyberattack on Gwinnett Medical Center (now Northside Hospital Gwinnett) that disrupted telephone service and network printer service at both hospitals in September. 2018. He also allegedly accessed and obtained information from a scanning site. device used by the health network.
Singla is charged with 17 counts of willful damage to a protected computer and one count of obtaining information from a protected computer.
Singla’s alleged cyberattack was “aided and abetted by others unknown to the Grand Jury,” according to the indictment filed on June 8. The case continues to be investigated by the Federal Bureau of Investigation.
“This cyberattack on a hospital could not only have had dire consequences, but the patient’s personal information was also compromised,” Chris Hacker, special agent in charge of the FBI Atlanta, said in a statement. “The FBI and our law enforcement partners are determined to hold accountable those who put the health and safety of people at risk while motivated by greed.”
RELATED: FBI Warns Conti Ransomware Hit Irish System, Targeting 16 US Medical and Emergency Networks
Prosecutors alleged in the charge (PDF) that Singla’s actions could have damaged at least 10 computers, impaired the medical examination, diagnosis, treatment of at least one patient and caused loss to Gwinnett Medical by affecting computers of value cumulative of at least $ 5,000.
The indictment did not refer to Singla’s employer by name, calling the company a “network security company that provided services to the healthcare industry.” According to Singla’s LinkedIn page, he was COO of healthcare-focused, Atlanta-based network security company Securolytics. The company had also previously named him co-founder and member of the management team on its website.
Fierce Healthcare has contacted Securolytics for comment and confirmation of Singla’s role in the business.
Gwinnett Medical Center and its sister facilities joined Northside Hospital, a network of three hospitals, in August 2019. Today, the system includes five hospitals and more than 250 outpatient care facilities.
“We are delighted with this result and thank the many people and organizations who have worked so hard on our behalf,” a system representative at Fierce Healthcare said in an email.
Cyber security incidents targeting healthcare facilities have become more frequent and impactful over the years. A March report found that ransomware attacks cost the healthcare industry $ 20.8 billion in downtime in 2020, while another reported a 123% increase in attempted attacks from 2019 to 2020.
Just last month, two high-profile attacks were launched against the Irish National Health Service and San Diego-based Scripps Health. The latter took weeks to bring all of its systems back online and recently reported that its attackers had stolen health and personal financial information from nearly 150,000 patients in the health care system.