In a surprising news twist, the former Chief Operating Officer of Securolytics (a network security company servicing healthcare), Vikas Singla, has confessed to hacking two hospitals to promote his cybersecurity services and grow his own business.
These events raise critical questions about the need to verify and monitor IT professionals, even those we think we can trust implicitly.
The Hospital Hacking Incidents
Singla’s hacking campaign began in 2018, when he manipulated the phone system at Gwinnett Medical Center. By altering files, he disabled phones and networks, severely disrupting essential hospital functions, including emergency responses and daily coordination.
Singla also managed to steal personal data from over 200 patients. As if this wasn’t enough, he assumed control over 200 printers at both hospitals, causing them to print stolen patient data alongside the message: “WE OWN YOU.”
The Unanticipated Publicity Stunt
Singla’s actions didn’t end with the hacks. He took to Twitter, operating under an anonymous identity, and claimed responsibility for the hospital breaches. To emphasize his point, he even disclosed some of the stolen personal data.
He then reached out, in the name of his own company, Securolytics, to the patients who were hacked, attempting to win them as clients and boost business.
Consequences and Guilty Plea
Singla’s actions resulted in substantial financial losses, exceeding $817,000 for the hospital system. Singla has agreed to repay the $817,000 plus interest to the hospital as part of his 57-month probation plea bargain. His next trial takes place on Feb 15th, 2024, where he may receive up to 10 years in jail.
The Vital Lesson: Verification in IT
This case serves as a stark reminder of the critical importance of scrutinizing and verifying the actions of IT professionals, even those we trust implicitly. Trust should never be a substitute for vigilance.
Here are some ways to verify IT professionals’ actions:
- Regular Risk Assessments: Conduct regular risk assessments to identify potential vulnerabilities in your IT systems. This proactive approach can help prevent unauthorized access and breaches.
- Penetration Testing: Periodically engage in penetration testing to evaluate your network's security. Simulate cyberattacks to discover weaknesses before malicious actors do.
- Regular Meetings and Reporting: Maintain open lines of communication with your IT team. Regular meetings and status reports can provide insights into ongoing projects and activities.
- CEO Involvement: As a CEO or top-level executive, actively participate in discussions about IT security and risk management. Request regular reporting and information to verify how your IT team is serving you.
- Audits and Compliance Checks: Regularly commission third-party audits of your IT systems and ensure compliance with industry standards and regulations. These audits can uncover irregularities and shed light on what your IT team is doing for you.
In the realm of cybersecurity, ethical conduct is paramount. Our industry must prioritize the security and privacy of our clients’ data above all else, steering clear of unethical shortcuts or attempts to gain an unfair advantage.
When was the last time you verified if your current IT Team was doing what they should be? Trust is essential, but verification ensures the reliability of your IT services provider for your business’s peace of mind.