Published: Sun, July 22, 2018
Worldwide | By Isabel Fisher

Singapore govt health database hacked - Security

Singapore govt health database hacked - Security

Hackers have stolen health records belonging to 1.5 million Singaporeans, including Prime Minister Lee Hsien Loong who was specifically targeted in the city state's biggest ever data breach, authorities said Friday.

Data exfiltration occurred between June 27 and July 4, the newspaper reported.

The records of the medicines given to 160,000 people - the Prime Minister among them - who had received outpatient treatment at SingHealth's outlets were also stolen.

"The records were not tampered with, records were amended or deleted".

Singapore's Health Ministry said that hackers did not access any diagnoses, test results or doctors' notes.

The statement added there are no evidence of a similar breach in the other public healthcare IT systems.

"With regard to the prime minister's data and why he was targeted, I would say that it's perhaps best not to speculate what the attacker had in mind", said David Koh, head of Singapore's Cyber Security Agency.

"The nature of such attacks are that they are conducted by nation states using very advanced tools", he said. However, the hackers did not manage to steal more data after July 4.

As I have noted before in these pages, Singapore has always been paying keen attention to the cyber domain, as a developed, highly networked country that relies on its reputation for security and stability to serve as a hub for businesses and talent.

Singapore's government on Friday described the cyberattack on its public health system as "serious, unprecedented and massive".

Unusual activity was first detected on July 4 on one of SingHealth's IT databases. SingHealth lodged a police report on 12 Jul 2018.

SingHealth has imposed a temporary Internet surfing separation on all of its 28,000 staff's work computers. Advisories have been sent to all healthcare institutions, public and private, on the cybersecurity precautions and measures to be taken.

Leonard Kleinman, chief cybersecurity adviser for the Asia-Pacific and Japan at RSA Conferences, told BT: "Medical data contains a trove of information, from personally identifiable data to financial details, that can be used to create a highly sought-after composite of an individual".

But authorities have put the brakes on these plans while they investigate the cyberattack.

He added that on the Dark Web, such data can fetch a high price, with each entry selling for US$50-US$100 higher than stolen credit card data. "The Cyber Security Agency's (CSA) investigations have established that the attack was deliberate, targeted and carefully planned".

Even with the increased cybersecurity posture, it's unknown if Singapore would be able to stop another round of attacks, especially if they have the backing of a state actor.

"Government systems come under attack thousands of times a day".

Mr Iswaran said that "we must get to the bottom of this breach". PM Lee assured that the hack is not going to be a setback in the digitization of health records, but a motivation to build a "secure and smart nation".

Like this: