IT professional pleads guilty in Gwinnett Medical Center hacking case

Patient information compromised
Gwinnett Medical Center in Lawrenceville. (Photo: courtesy of Gwinnett Health System)

Credit: Photo courtesy: Gwinnett Health System

Combined ShapeCaption
Gwinnett Medical Center in Lawrenceville. (Photo: courtesy of Gwinnett Health System)

Credit: Photo courtesy: Gwinnett Health System

Credit: Photo courtesy: Gwinnett Health System

The chief operating officer of an Atlanta network security company that offered services to the health care industry has pleaded guilty to a federal computer hacking charge after allegedly attacking a Gwinnett Medical Center phone system and revealing patient information.

Vikas Singla entered a guilty plea Thursday to a single count under the Computer Fraud and Abuse Act of intentionally damaging a protected computer, having unsuccessfully fought an 18-count criminal indictment issued in a Georgia federal court in June 2021. U.S. District Judge Michael L. Brown denied in September Singla’s latest attempt to dismiss the charges.

Singla’s plea deal with prosecutors came after the federal judge had scheduled a trial in the case to start on Jan. 23. Singla is due to be sentenced on Feb. 15.

The federal government alleged that in September 2018, Singla hacked computers used by Gwinnett Medical Center to operate a phone system at its hospital in Duluth. Singla also allegedly targeted computers at Gwinnett Medical Center’s hospital in Lawrenceville, obtaining patient names and birth dates that he then publicly revealed.

Singla’s actions cost the health care provider more than $800,000, according to his plea agreement. Case records don’t show what that money was spent on.

Singla’s defense counsel and the U.S. Attorney’s Office for the Northern District of Georgia, which helped to prosecute the case, did not immediately respond Friday to questions about the plea deal.

At the time of his indictment, Singla was a 45-year-old Marietta resident, case records show. He was in charge of the company Securolytics.

Singla’s plea agreement states that more than 200 phones were taken offline when he interfered with Gwinnett Medical Center’s phone system. Through this system, hospital staff communicated “code blue” emergencies, among other things.

Singla obtained the personal information of more than 300 patients, including names and birth dates, and caused much of that information to be printed on hospital printers, the agreement says. It’s not clear whether any patients were harmed.

Prosecutors claim Singla created dozens of social media messages stating that Gwinnett Medical Center had been hacked. Those messages allegedly included patient information.

Singla then contacted potential clients offering Securolytics’ services while referencing the attack, per his plea agreement.

Singla could be sentenced to prison for 10 years or fined $250,000. His attorneys and federal prosecutors jointly recommended that he spend almost five years on home detention, noting in the plea agreement that Singla has a rare and incurable form of cancer.

Singla, who remains on bond, has agreed to pay restitution of $817,804 as part of his plea deal. Most of that will go to Ace American Insurance Company.

About the Author