Vikas Singla [1] [2] [3] [4] [5] [6], the former COO of cybersecurity company Securolytics [2] [4] [5], has pleaded guilty to launching cyberattacks on Gwinnett Medical Center (GMC) [2] [4], a non-profit healthcare organization in Georgia [2] [4].


Singla admitted to modifying the configuration files of the GMC ASCOM phone system [6], rendering every ASCOM phone at GMC Duluth unusable [2]. Additionally, he gained unauthorized access to patient information from a Digitizer attached to a mammography machine and used it to print messages on over 200 printers at GMC’s hospital campuses [2]. Singla even promoted the hack on Twitter [1] [3] [6], claiming that Gwinnett had been compromised [2]. These attacks resulted in a financial loss of $817,804.12 for GMC [2] [4].

As part of his plea agreement [2], Singla has agreed to repay over $817,000 to the Insurance Company and Northside Hospital Gwinnett [2]. Singla now faces a maximum prison term of 10 years for intentionally damaging a protected computer [5]. However, due to Singla’s diagnosis of a rare and incurable form of cancer and a potentially dangerous vascular condition [6], prosecutors are recommending 57 months of home detention/probation instead of jail time [6].


The cyberattacks orchestrated by Singla had severe consequences for Gwinnett Medical Center, both financially and in terms of compromised patient information. While Singla’s guilty plea and agreement to repay the damages provide some restitution, the potential prison term is being reconsidered due to his medical conditions. This case highlights the importance of robust cybersecurity measures in protecting sensitive healthcare data and the need for appropriate legal consequences for those who engage in cybercrime.