Singapore’s Giant Healthcare Hack

Uploaded on 2018-07-25 in TECHNOLOGY--Hackers, NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Health & Welfare

In the worst cyber-attack in Singapore's history, hackers broke into the computers of SingHealth, the Republic's largest public healthcare group, and scooped up personal information on 1.5 million patients in June 2018. 

Of these, 160,000 people, including Prime Minister Lee Hsien Loong and a few ministers, had their outpatient prescription information stolen as well.

At a press conference on July 20th, the authorities said that the attackers "specifically and repeatedly" targeted data on PM Lee.

Mr David Koh, chief executive of the Cyber Security Agency of Singapore, said: "The attack was a deliberate, targeted and well-planned cyber-attack." He ruled out casual hackers and criminal gangs, but refused to be drawn on who might be behind the attacks.

Cybersecurity experts commented that, given the nature of the attacks, these were likely to be state-organised or sponsored, with just a few key countries such as China, Russia and the United States having the capacity to mount such a sophisticated attack.

A Committee of Inquiry (COI) will be convened to establish the events that led to the breach and recommend measures to better secure public sector IT systems.

Database administrators of the Integrated Health Information Systems first detected unusual activity on July 4, and acted immediately to halt the activity. However, subsequent investigations established that hackers had breached the system a week earlier, on June 27.

In that time, the attackers took records of patients who visited nine SingHealth institutions from May 1, 2015, to July 4 this year. The institutions include Singapore General Hospital, Changi General Hospital and SingHealth's network of polyclinics.
What specific information the hackers were after was unclear, although experts said the damage could well have been worse.
For the bulk of the 1.5 million patients, the data taken includes personal details like names, identity card numbers and addresses, and demographic information like a patient's gender, race and date of birth. Credit card numbers and mobile phone numbers were unaffected.

While the hackers copied information on medicine dispensed to 160,000 outpatients, they did not tamper with these records nor gain access to more detailed medical records like diagnosis, test results or doctors' notes.

"I don't know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me," PM Lee said in a Facebook post. "If so, they would have been disappointed. My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it."

Still, the aftermath of the breach will be far-reaching. For a start, all new Smart Nation projects will be paused as the Smart Nation and Digital Government Group reviews the cyber-security measures of government systems and implements any necessary safeguards.

The introduction of a new Singaporean law scheduled later this year, to make all healthcare institutions contribute data to the National Electronic Health Record, will be postponed.

Computers at all health clusters will also be cut off temporarily from the Internet, in much the same way Net access was cut off from computers of public servants last year. SingHealth cut access, and the other two clusters are expected to follow suit.
At the press conference, Health Minister Gan Kim Yong apologised to the patients for the breach. "I am deeply sorry this has happened. The public healthcare family sees our role as not just providing good patient care, but also safeguarding the confidentiality of our patients' data," he said.

All affected patients will be notified over the next five days either through SMS or mail, if their phone numbers are not on record. Patients can also go to SingHealth's website or app to check if their data has been affected.

Despite the attack, the Government stressed that the incident did not mean it was abandoning its technological push. Communications and Information Minister S. Iswaran, who noted there have been numerous similar breaches in countries like the US and Britain, said: 

"This is an ongoing battle. But we must not allow this incident, or any others like it, to derail our plans for a smart nation. We must adapt ourselves to operate effectively and securely in the digital age." 

Straits Times

You Might Also Read: 

Hacker Group Targets Healthcare Providers:

Healthcare Security Should Use More Sophisticated Tools:

 

« MoneyTaker Take Money From A Russian Bank
Five Key Ways to Protect Your Company Against Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Spiceworks

Spiceworks

Spiceworks provide a range of free apps for IT professionals including network inventory, network monitor, and help desk.

SAMATE

SAMATE

The Software Assurance Metrics And Tool Evaluation project is an inter-agency project between the US Department of Homeland Security and NIST.

We Watch Your Website

We Watch Your Website

We Watch Your Website provide website monitoring, protection, malware removal and root cause analysis services to help you keep your website secure.

Oracle Cloud Security

Oracle Cloud Security

Oracle’s cloud security solutions enable organizations to implement and manage consistent security policies across the hybrid data center.

Bundesdruckerei

Bundesdruckerei

Bundesdruckerei specializes in secure identity technologies and services for protecting sensitive data, communications and infrastructures.

Cisco Talos

Cisco Talos

Talos is an industry-leading threat intelligence solution that protects your organization’s people, data and infrastructure from active adversaries.

CyberWrite

CyberWrite

Cyberwrite was founded to provide underwriters around the world a unique and innovative Cyber Underwriting platform.

InfoGuard

InfoGuard

InfoGuard is a leading Swiss company providing comprehensive cyber security and network solutions.

Vintegris

Vintegris

Vintegris are a Certification Authority and manufacturer of innovative systems and applications for the full cycle of digital identity.

TypingDNA

TypingDNA

TypingDNA uses AI to recognise people by the way they type on desktop keyboards and mobile devices.

Carve Systems

Carve Systems

Carve Systems was founded to bring enterprise level information security, training, and risk management services to organizations of any size and industry.

Robert Walters

Robert Walters

Robert Walters is one of the world's leading global specialist professional recruitment and recruitment process outsourcing consultancies.

SecSign Technologies

SecSign Technologies

SecSign Technologies delivers user authentication, messaging, file sharing, and file storage with next generation security for company networks, websites, platforms, and devices.

PacketViper

PacketViper

PacketViper’s Deception360 actively defends networks with deception-based threat detection and automated response to both external and internal cyber threats.

GTT Communications

GTT Communications

GTT are a global network provider that serves thousands of multinational and national enterprise, government and carrier customers with a portfolio of advanced connectivity and security services.

Data Defenders

Data Defenders

Data Defenders provide information security technology solutions that empower consumers, businesses and governments with safe and secure IT and cybersecurity infrastructures.