Security Firm COO Loses Bid to Dismiss Cyberattack Case
Cybercrime , Fraud Management & Cybercrime , Healthcare
Judge Rejects Recommendations to Drop Case in Medical Center Incident Marianne Kolbasuk McGee (HealthInfoSec) • March 2, 2023 Prosecutors allege a network security firm’s chief operating officer launched a 2018 cyberattack on Gwinnett Medical Center in Georgia.
A Georgia man who is the chief operating officer of a network security firm can’t escape criminal charges related to a 2018 cyberattack against a local medical center.
See Also: OnDemand | Navigating the Difficulties of Patching OT
A federal judge rejected recommendations by an Atlanta magistrate judge to dismiss a criminal case against Vikas Singla.
Federal prosecutors charged Singla in 2021 with hacking offenses – in an 18-count indictment. They say that Singla conducted a cyberattack in September 2018 that affected two hospitals of Gwinnett Medical Center. The attack allegedly disrupted the medical system’s Ascom phone service, obtained information from a Hologic R2 digitizing device, and disrupted a Lexmark printer network, in part for “commercial advantage and private financial gain. Fifteen of the charges against Singla stem from the Lexmark printer disruption (see: Security Firm COO Charged in Attack on Medical Center).
U.S. District Judge Michael Brown on Tuesday rejected the recommendations of a magistrate judge to approve a motion to dismiss the case. Singla’s LinkedIn profile identifies him as being the current COO of Atlanta-based Securolytics, a job it says he has held since 2016.
Court documents do not specify the relationship that Singla had with Gwinnett Medical Center. He is described by prosecutors in court papers only as COO of an unnamed network security company that offered services “to the healthcare industry.”
Singla sought to have his indictment dismissed on grounds including an alleged lack of specificity in the charges against him. That includes the alleged “absence of essential facts” in the indictment, necessary for Singla to prepare his defense.
Among the “essential facts” Singla alleged was lacking are the nature of the “transmission” that occurred, the “”program, information, code or command” he allegedly transmitted, and the “damage” his conduct caused to the “protected computers.”
While the magistrate judge who reviewed the case recommended Singla’s motion to dismiss be granted, Brown disagreed, writing, “Singla has adequate information to defend against the allegations.”
That includes details about evidence that was discussed with Singla and his defense attorney in communications during discovery. “The email demonstrates Defendant Singla understood the computers at issue,” Brown wrote.
A defense attorney representing Singla in the case did not immediately respond to Information Security Media Group’s request for comment on the latest developments in the case and for clarification about Singla’s relationship with the medical center.
Singla and his apparent employer, Securolytics, also did immediately respond to ISMG’s request for comment.
Northside Hospital System declined ISMG’s request for comment on the latest developments in the case against Singla.
Brown referred the case back to the magistrate judge for consideration of any pretrial motions. A status conference for the case is slated for March 14.