

Due Diligence Of Cybersecurity Vendors And Safeguarding IoT

The former COO of a cybersecurity company is facing years of house arrest after he pled guilty to breaching the networks of two hospitals belonging to the Gwinnett Medical Center (GMC) system in Georgia.

He admitted committing the acts in June 2021 to "boost his company's business". The defendant worked for Securolytics, a network security company that provided services to the healthcare industry, including his victims, two GMC-associated hospitals in Duluth and Lawrenceville, Georgia.

During his attack on September 27, 2018, he disrupted the health provider's phone and network printer services and stole the personal information of more than 200 patients from a Hologic R2 Digitizer digitizing device connected to a mammogram machine in GMC's Lawrenceville hospital. On the same day, he took over 200 printers in the GMC hospital in Duluth and caused them to print stolen patient information and "WE OWN YOU" messages.

In his plea, the defendant stated he attempted "to create and use publicity about the attack, including by causing the publication of information obtained without authorization from the Digitizer, to generate business for Securolytics." He then "promoted" the GMC hack on Twitter, tweeting the names, dates of birth, and sexes of 43 patients whose data had been stolen in the breach. Securolytics also reached out to potential clients after the attack, highlighting the GMC incident in the emails.

The man faced 17 counts of intentional damage to a protected computer and one count of obtaining information from a protected computer. Prosecutors say that the defendant's attack on GMC's ASCOM phone system, printers, and digitizer resulted in more than $817,000 in financial losses, which he agreed to repay.

After he pled guilty, prosecutors stated they will recommend a sentence of 57 months' probation, including home detention, based on the defendant being diagnosed with "a rare and incurable form of cancer" and "a potentially dangerous vascular condition," which warrant "home detention as an alternative to incarceration" so that the defendant can receive appropriate medical care. Sergiu Gatlan, "Cybersecurity firm executive pleads guilty to hacking hospitals" (Nov. 20, 2023).




This case is unusual in that the criminal who breached the two hospital networks was neither a disgruntled employee nor an anonymous cyberthief operating here or from abroad, but instead was a network security provider.

His easy access into the network, via networked printers and digital devices connected to medical equipment, serves as a reminder that there are many ways networks are breached.

Due diligence is important to minimize your cybersecurity risks. Perform a background check on any current or potential cyber vendor, which would include speaking to the vendor's other clients and reading online reviews.

The case also highlights another risk: the Internet of Things (IoT) was the chosen entry point. Even small organizations may have many internet-connected devices on their network. Security cameras, printers, scanners, cell phones, thermostats, and specialized electronic devices may all use factory-issued default passwords that are easily found on the internet.

Protect web-enabled appliances from attack by taking a few simple steps. First, do not connect any device directly to the internet. Instead, use a router with a firewall to keep outsiders out of your network. Be sure to change the router's default credentials to a complex password.

Check the devices' default settings, and make sure things like UPnP are disabled. Avoid IoT devices that advertise built-in Peer-to-Peer (P2P) capabilities. P2P IoT devices are notoriously difficult to secure, and research has repeatedly shown that they can be reachable remotely over the internet, even through a firewall.
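One way to confirm that UPnP is really off on your own network, as an added example that is not part of the original article: the script sends a standard SSDP discovery query on the local network, lists every device that still answers, and flags a router that advertises itself as a UPnP gateway. The sample replies, IP addresses and device names are constructed for illustration.

```python
import socket

SSDP_ADDR = ("239.255.255.250", 1900)  # standard SSDP multicast group and port
M_SEARCH = (b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            b'MAN: "ssdp:discover"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n')

def parse_ssdp(raw):
    """Return the headers of one SSDP search reply (lower-cased names), or None."""
    status, *rest = raw.decode("utf-8", "replace").split("\r\n")
    if not status.startswith("HTTP/1.1 200"):
        return None
    pairs = (line.partition(":") for line in rest)
    return {n.strip().lower(): v.strip() for n, sep, v in pairs if sep}

def audit(replies):
    """Map each responding IP to its SERVER string and whether it is a UPnP gateway."""
    findings = {}
    for ip, raw in replies:
        h = parse_ssdp(raw)
        if h is not None:
            f = findings.setdefault(ip, {"server": h.get("server", "?"), "gateway": False})
            # InternetGatewayDevice is the device type that offers port mapping (router UPnP on).
            f["gateway"] |= "InternetGatewayDevice" in h.get("st", "")
    return findings

def discover(timeout=3.0):
    """Send one M-SEARCH on the local network and collect replies until timeout."""
    replies = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(M_SEARCH, SSDP_ADDR)
        try:
            while True:
                data, (ip, _port) = s.recvfrom(65507)
                replies.append((ip, data))
        except socket.timeout:
            pass
    return replies

SAMPLE = [  # constructed replies for an offline run, not captured from a real network
    ("192.168.1.1", b"HTTP/1.1 200 OK\r\nST: urn:schemas-upnp-org:device:"
                    b"InternetGatewayDevice:1\r\nSERVER: ExampleRouter/1.0 UPnP/1.0\r\n\r\n"),
    ("192.168.1.23", b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\nSERVER: ExamplePrinter/2.1 UPnP/1.0\r\n\r\n"),
    ("192.168.1.50", b"not an ssdp reply"),
]

if __name__ == "__main__":  # use audit(SAMPLE) instead of discover() to run offline
    for ip, f in audit(discover()).items():
        print(ip, f["server"], "gateway UPnP on" if f["gateway"] else "UPnP responder")
```

Any address the script lists is a device that still has UPnP enabled; after the setting is turned off on the router and each device, a repeat run should come back empty.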
