Maksim Kabakou -

Securolytics COO charged in Georgia hospital cyber attack

Details on the cyber attack are scarce, but according to the indictment, Vikas Singla allegedly attempted to steal data and disrupt the hospital's phone system.

The COO and co-founder of Securolytics, an Atlanta-based IoT security startup, was charged for his alleged role in a 2018 cyber attack against a Georgia hospital, the U.S. Department of Justice announced Thursday.

Vikas Singla of Marietta, Ga., was accused of conducting a cyber attack against Gwinnett Medical Center (now known as Northside Hospital) in 2018 that involved causing damage to one or more computers controlling the hospital's Ascom phone system, as well as disrupting printer service and stealing data, according to the indictment released Thursday.

The indictment stated the alleged attack was done "for purposes of commercial advantage and private financial gain," and that Singla was "aided and abetted by others unknown to the Grand Jury."

Singla was arraigned on Thursday, according to a Department of Justice (DOJ) announcement.

"Criminal disruptions of hospital computer networks can have tragic consequences," said Nicholas L. McQuaid, acting assistant attorney general of the Justice Department's Criminal Division, in the announcement. "The department is committed to holding accountable those who endanger the lives of patients by damaging computers that are essential in the operation of our health care system."

Though his company was described by the DOJ only as a "network security company," Singla's LinkedIn profile showed he was the COO of Securolytics. While Securolytics' site currently contains no mention of Singla, a 2019 Wayback Machine snapshot of the site mentions Singla and refers to him as a co-founder and COO of the company.

Details surrounding the specifics of the data breach, including how exactly it occurred, what Singla may have been trying to do and how he was caught remain unknown. The DOJ said the FBI is still investigating the attack.

Singla is charged with 17 counts of intentional damage to a protected computer, as well as one count of obtaining information by computer from a protected computer. Each of the first 17 counts carry a maximum penalty of 10 years in prison, and the latter count carries a maximum penalty of five years.

A Northside Hospital spokesperson wrote in an email that, "We are pleased with this result, and thank the many individuals and organizations which have worked so hard on our behalf."

The U.S. Attorney's Office for the Northern District of Georgia declined to comment. Securolytics and the DOJ have not responded to our request for comment.

Alexander Culafi is a writer, journalist and podcaster based in Boston.

Dig Deeper on Data security and privacy

Enterprise Desktop
Cloud Computing