Former COO of the Atlanta-based cybersecurity firm Securolytics, Vikas Singla, launched a collection of cyberattacks on the non-profit healthcare group Gwinnett Medical Heart (GMC), which has areas in Lawrenceville and Duluth, Georgia.
GMC suffered a monetary lack of $817,804.12 on account of the defendant’s laptop intrusions that affected the GMC ASCOM telephone system, printers, and Digitizer, in addition to the defendant’s course of conduct.
Within the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Merchandise at Indusface reveal how APIs might be hacked. The session will cowl: an exploit of OWASP API Prime 10 vulnerability, a brute power account take-over (ATO) assault on API, a DDoS assault on an API, how a WAAP might bolster safety over an API gateway
Specifics of the Hack
The plea settlement states that on September 27, 2018, the defendant deliberately despatched a command that triggered an illegal change to the ASCOM telephone system configuration template for the GMC hospital campus in Duluth, Georgia.
Moreover, he knew he didn’t have the authority to make the modifications he supposed to make to the configuration recordsdata of the ASCOM telephone system.
Consequently, upon the defendant’s transmission, each ASCOM telephone at GMC Duluth that was linked to the telephone system grew to become unusable. There was an outage of over 2 hundred ASCOM handset units.
Inside communication between nurses and docs, even throughout “Code Blue” emergencies, was made attainable by the ASCOM telephones utilized by the hospital employees members. Making calls from exterior the hospital was additionally attainable utilizing the ASCOM telephones.
The defendant gained entry to over 300 sufferers’ names, dates of start, and intercourse with out permission from a Hologic R2 Digitizer that was hooked up to a mammography machine on the GMC hospital in Lawrenceville.
The Digitizer required a password to entry it, and it was obtainable over GMC’s VPN. His entry to the Digitizer’s data was not licensed.
Singla deliberately despatched a command that led to the printing of a file known as Baidu.txt, which triggered greater than 200 printers at Gwinnett’s hospital campuses in Duluth and Lawrenceville to print affected person data comparable to title, birthdate, and intercourse that was obtained with out consent from the digitizer and interspersed with the assertion “WE OWN YOU.”
“The printers had been utilized in reference to affected person care and the messages printed on the pc had the potential to trigger concern amongst medical employees and impair the supply of hospital providers.”
On October 2, 2018, Singla allegedly “triggered” the posting of 43 messages on the @baidu325017231 Twitter account, alleging that Gwinnett had been compromised.
Prosecutors declare within the plea settlement that Singla obtained the title, date of start, and gender of every affected person from the hacked digitizer, which was included in every of the 43 messages.
As a part of the plea settlement, he has now consented to pay the Insurance coverage Firm and Northside Hospital Gwinnett in Lawrenceville greater than $817,000 in reimbursement, plus curiosity.
On condition that Singla has a critical vascular sickness and a uncommon, incurable type of most cancers, the plea settlement suggests dwelling detention as a substitute for imprisonment.
Expertise how StorageGuard eliminates the safety blind spots in your storage techniques by attempting a 14-day free trial.