A top manager of the information security company Securolytics pleaded guilty to hacking the computer network of an American medical organization. As a result of the attack, information about which the adventurous manager intended to use to attract new customers, several hospitals were left without internal communication, which could lead to human casualties. The prosecution will request 57 months of house arrest for the defendant instead of the actual term due to the terrible state of his health.
This is a dangerous and highly unethical idea
The former chief operating officer (COO) of the American technology company Securolytics organized cyber attacks on several medical institutions in the United States, information about which he later used to attract new customers, writes The Register.
Securolytics is a network security service provider headquartered in Atlanta, Georgia, USA, specializing in serving healthcare clients.
According to the case file, Vikas Singla, a former top manager of Securolytics information security company, in September 2018 personally remotely disabled the telephone network infrastructure based on Ascom equipment at Northside Hospital Gwinnett Medical Center, which operates hospitals in Lawrenceville and Duluth (Georgia).
As a result, more than 200 telephone sets in hospitals were inoperable at one time, depriving doctors and other medical personnel of the ability to communicate with each other via internal communication channels. The availability of such communication channels is critical, especially when responding to situations in which patients need urgent care, such as due to sudden cardiac arrest.
In addition, Singla broke into the private virtual network (VPN) of the medical organization and, through it, gained access to the hospital device for digitizing and analyzing mammographic images Hologic R2. The device, in addition to X-ray results, also stores personal data of patients, including names, dates of birth and gender.
The head of Securolytics then extracted information about 300 patients undergoing the study from the medical device and saved it in a text file called "Baidu.txt", which was subsequently simultaneously printed in both branches of the institution, accompanied by a message with the words:" WE OWN YOU " ("We own you"). In total, more than 200 printers of organizations were involved in this intimidation campaign.
Accessing a public field
After this Single, he covered the incident on the social network X (formerly Twitter) using the now deactivated personal account, from the position of an expert in the field of security and without disclosing the fact of his own involvement in the incident. In total, the man published 43 messages, each of which somehow included confidential patient data stolen from the Hologic R2 machine.
After Singly's public appearance, Securolytics began sending emails to potential customers offering cooperation, citing attacks that its chief operating officer had previously described online.
Plead guilty and avoid jail
In 2021, Singla was charged with intentionally causing damage to a protected computer (17 episodes), as well as gaining access to information on a protected computer (one episode). According to the prosecution, the actions of the ex-top manager of Securolytics resulted in damage to the medical structure, which was estimated at $817 thousand.
In November 2023, the adventurer manager pleaded guilty to the crime and agreed to pay Northside Hospital Gwinnett and the ACE American Insurance Company serving it all $817 thousand in compensation for material damage.
The prosecution also promised not to ask the court for a sentence related to Singla's placement in correctional institutions. Instead, the prosecutor will recommend the appointment of a probationary period of 57 months (about five years), which the guilty person will have to spend under house arrest.
Such a lenient sentence is proposed by the prosecution due to the presence of serious health problems in Singla: "a rare and incurable form of cancer", as well as "a potentially dangerous disease of the cardiovascular system".
The judge, however, may not take the recommendations into account and appoint Singleh up to 10 years in prison. The fate of the enterprising American will be decided on February 15, 2024, at a sentencing hearing.
Sabotage as revenge
Situations in which technical specialists from the United States, for one reason or another, commit crimes of a socially dangerous nature are not very rare.
So, in July 2023, CNews wrote about an American instrumentation and control engineer who, before being dismissed from a water treatment plant maintenance company, secured remote access to the computer network of a water treatment plant. He deliberately tried to remove the software responsible for its correct operation, which could lead to health problems for people from the nearest settlements.
This is a dangerous and highly unethical idea
The former chief operating officer (COO) of the American technology company Securolytics organized cyber attacks on several medical institutions in the United States, information about which he later used to attract new customers, writes The Register.
Securolytics is a network security service provider headquartered in Atlanta, Georgia, USA, specializing in serving healthcare clients.
According to the case file, Vikas Singla, a former top manager of Securolytics information security company, in September 2018 personally remotely disabled the telephone network infrastructure based on Ascom equipment at Northside Hospital Gwinnett Medical Center, which operates hospitals in Lawrenceville and Duluth (Georgia).
As a result, more than 200 telephone sets in hospitals were inoperable at one time, depriving doctors and other medical personnel of the ability to communicate with each other via internal communication channels. The availability of such communication channels is critical, especially when responding to situations in which patients need urgent care, such as due to sudden cardiac arrest.
In addition, Singla broke into the private virtual network (VPN) of the medical organization and, through it, gained access to the hospital device for digitizing and analyzing mammographic images Hologic R2. The device, in addition to X-ray results, also stores personal data of patients, including names, dates of birth and gender.
The head of Securolytics then extracted information about 300 patients undergoing the study from the medical device and saved it in a text file called "Baidu.txt", which was subsequently simultaneously printed in both branches of the institution, accompanied by a message with the words:" WE OWN YOU " ("We own you"). In total, more than 200 printers of organizations were involved in this intimidation campaign.
Accessing a public field
After this Single, he covered the incident on the social network X (formerly Twitter) using the now deactivated personal account, from the position of an expert in the field of security and without disclosing the fact of his own involvement in the incident. In total, the man published 43 messages, each of which somehow included confidential patient data stolen from the Hologic R2 machine.
After Singly's public appearance, Securolytics began sending emails to potential customers offering cooperation, citing attacks that its chief operating officer had previously described online.
Plead guilty and avoid jail
In 2021, Singla was charged with intentionally causing damage to a protected computer (17 episodes), as well as gaining access to information on a protected computer (one episode). According to the prosecution, the actions of the ex-top manager of Securolytics resulted in damage to the medical structure, which was estimated at $817 thousand.
In November 2023, the adventurer manager pleaded guilty to the crime and agreed to pay Northside Hospital Gwinnett and the ACE American Insurance Company serving it all $817 thousand in compensation for material damage.
The prosecution also promised not to ask the court for a sentence related to Singla's placement in correctional institutions. Instead, the prosecutor will recommend the appointment of a probationary period of 57 months (about five years), which the guilty person will have to spend under house arrest.
Such a lenient sentence is proposed by the prosecution due to the presence of serious health problems in Singla: "a rare and incurable form of cancer", as well as "a potentially dangerous disease of the cardiovascular system".
The judge, however, may not take the recommendations into account and appoint Singleh up to 10 years in prison. The fate of the enterprising American will be decided on February 15, 2024, at a sentencing hearing.
Sabotage as revenge
Situations in which technical specialists from the United States, for one reason or another, commit crimes of a socially dangerous nature are not very rare.
So, in July 2023, CNews wrote about an American instrumentation and control engineer who, before being dismissed from a water treatment plant maintenance company, secured remote access to the computer network of a water treatment plant. He deliberately tried to remove the software responsible for its correct operation, which could lead to health problems for people from the nearest settlements.
