Singapore succumbs to massive data breach in 'state-sponsored' attack

Share

According to a joint press release from the Ministry of Communications and Information and Ministry of Health, information on approximately 160,000 outpatient dispensed medicines were retrieved. This information is typical personal identifiable information (PII) such as names, date of birth, gender, addresses, and race.

The breach affected SingHealth, Singapore's biggest network of healthcare facilities.

The data theft occurred on 4 July, confirmed by the authorities on 10 July, and was only made public on 22 July.

The government is working to reinforce cyber security with the support of specialists.

Singapore has faced another cyber threat after a total of 1.5 million SingHealth patients' non-medical personal data were stolen last month.

"We must learn from this and emerge stronger and more resilient from this incident", said Health Minister Gan Kim Yong at a news conference.

Meanwhile, the Minister-in-charge of Cybersecurity, S Iswaran, on Friday, 20 July, convened a Committee of Inquiry (CoI) into the incident.

Commenting on the measures that government has taken so far, Ryan Lim, founder of QED Consulting said that this will not have a major effect on the overall SmartNation agenda on the strategic level.

The systematic siphoning of the SingHealth database went undetected for almost three years and Singapore's government has confirmed that the records haven't been tampered with but only copied.

Blood moon: Longest lunar eclipse of the century is coming this week
Well, whether you think it'll be the end of our existence or just another lunar eclipse, one thing's for sure. A lunar eclipse occurs when the moon, earth and sun align, with the moon behind the earth , in its shadow.

As part of government moves to tighten the security of SingHealth's IT systems, no computers used for health IT system are being allowed to access the internet, additional controls have been placed on workstations and servers, user and systems accounts have been reset, and additional system monitoring controls have been installed.

According to the statement, SingHealth lodged a police report on 12 Jul 2018 and police investigation is ongoing.

In his Facebook post about the attack, Lee warned that "those trying to break into our data systems are extremely skilled and determined".

However, the evidence did not suggest that any records had been amended or deleted, and no other patient records, such as diagnosis, test results or doctors' notes, had been breached.

"I am personally affected, and not just incidentally".

"Many businesses and governments in Southeast Asia face cyber threats, but few recognise the scale of the risks they pose".

Wealthy Singapore is hyper-connected and on a drive to digitise government databases and essential services. He said: "With cyber attackers getting better-skilled by the day, it's not surprising to see breaches happen despite our best efforts".

BBC pointed to a 2015 study that suggested around 29 million digital health records were exposed in one way or another between 2010 and 2013 in the US. PM Lee assured that the hack is not going to be a setback in the digitization of health records, but a motivation to build a "secure and smart nation".

Share