Security News > 2023 > November > Former infosec COO pleads guilty to attacking hospitals to drum up business
An Atlanta tech company's former COO has pleaded guilty to a 2018 incident in which he deliberately launched online attacks on two hospitals, later citing the incidents in sales pitches.
Under a plea deal he signed last week, Vikas Singla, a former business leader at network security vendor Securolytics - a provider to healthcare institutions, among others - admitted that in September 2018 he rendered the Ascom phone system of Gwinnett Medical Center inoperable.
For more than 300 patients, this data was stolen by Singla and added to a document called "Baidu.txt." Singla later executed a print job on more than 200 printers across the two hospitals' campuses, revealing all the stolen data, along with the words "WE OWN YOU.".
Singla then took to a now-closed Twitter/X account to post 43 tweets, publicizing the incident, with each of the 43 messages containing some stolen personal information from the mammogram's digitizer.
"Criminal disruptions of hospital computer networks can have tragic consequences," said acting assistant attorney general Nicholas L. McQuaid of the Justice Department's criminal division, at the time of Singla's 2021 indictment.
Pleading guilty to one count of intentional damage to a protected computer, Singla faces a maximum prison term of 10 years, though he may not ever see the inside of a cell.