author photo
By SecureWorld News Team
Sat | Jun 12, 2021 | 6:07 PM PDT

The former sales guy and current Chief Operating Officer of an IoT cybersecurity company is accused of hacking a customer's devices.

And in this case, we're talking about computerized devices inside a hospital.

Here is what we know based on the criminal indictment just returned by a U.S. grand jury.

Third-party risk: security vendor COO accused of cyberattack

At SecureWorld conferences, security leaders spend a fair amount of time discussing vendor risk management. Perhaps this case will reveal another scenario worthy of discussion.

Vikas Singla, 45, is COO of a healthcare industry cybersecurity company called Securolytics. The company specializes in securing the large number of medical IoT (MIoT) devices used to care for patients.

cybersecurity-coo-hackingNow, however, Singla is accused of making them less secure.

Specifically, he is accused of launching a cyberattack against Gwinnett Medical Center in Georgia that was ongoing for approximately one year.

The indictment alleges he did the following:

"...knowingly caused and attempted to cause the transmission of a program, information, code, and command, and, as a result of such conduct, intentionally caused and attempted to cause damage without authorization to a protected computer, that is, one or more computers used by Gwinnett Medical Center...."

The indictment says this includes attacks on the computers which control the phone system for the medical center and attacks on more than a dozen of the hospital's Lexmark printers.

Printer security, anyone?

The COO is also accused of trying to manipulate the medical center's Hologic Digitizer, which is a patient diagnostic tool. Court documents say that after Singla exceeded the authorized number of login attempts on the digitizer, he was able to obtain patient data. 

Prosecutors are bringing this case based on violations of cybersecurity, but it could have been about life security

"Criminal disruptions of hospital computer networks can have tragic consequences," says Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department's Criminal Division.

The indictment gives very few additional details in this case.

FBI on motive behind the attack by cybersecurity vendor executive

Acting U.S. Attorney Kurt Erskine says he believes money could be a motive here:

"In this case, Singla allegedly compromised Gwinnett Medical Center's operations in part for his own personal gain."

And the FBI agent overseeing the case, named Chris Hacker, apparently shares that view. 

"The FBI and our law enforcement partners are determined to hold accountable those who allegedly put people's health and safety at risk while driven by greed."

Singla now faces 18 felony counts with a maximum total sentence of 175 years behind bars. A federal district judge will determine his actual sentence later this year.

[RELATED: Finance Vendor Became Insider Threat and Stole Millions]

Comments