Singapore suffers 'most serious' data breach, affecting 1.5M healthcare patients including Prime Minister
Government describes attack as "deliberate, targeted, well-planned" and assures no medical data has been tempered with, but security vendors warn compromised data may end up for sale on the Dark Web.
Singapore government has been opening up user data access to ease information exchange and business transactions, but it should observe some caution as major organisations continue to slip up over security.
Non-medical personal details of 1.5 million patients who visited SingHealth's specialist outpatient clinics and polyclinics between May 1, 2015, and July 4, 2018, had been accessed and copied. The stolen data included patients' name, national identification number, address, gender, race, and date of birth. In addition, outpatient medical data of some 160,000 patients were compromised, though, the records were not modified or deleted, said the Ministry of Health and Ministry of Communications and Information (MCI), in a joint statement late-Friday.
"No other patient records, such as diagnosis, test results or doctors' notes, were breached [and] we have not found evidence of a similar breach in the other public healthcare IT systems," they said.
The first sign of unusual activities was detected on July 4, 2018, by the Integrated Health Information Systems (IHiS), which is the public healthcare sector's technology agency and responsible for running local public healthcare institutions' IT systems.
The agency "acted immediately" to stop the illegal activities and implemented "additional cybersecurity precautions", whilst carrying out further investigation on the incident. Six days later, on July 10, IHiS informed the Health Ministry and Cybersecurity agency of Singapore (CSA) after confirming it had suffered a cyberattack.
However, while the attack was detected on July 4, it was later established that data "was exfiltrated" from June 27. A police report was filed on July 12 and investigations were ongoing. In the statement, CSA and IHiS described the attack as "deliberate, targeted, and well-planned".
"It was not the work of casual hackers or criminal gangs. The attackers specifically and repeatedly targeted Prime Minister Lee Hsien Loong's personal particulars and information on his outpatient dispensed medicines," they said.
No further data was compromised following the discovery on July 4 and IHiS had deployed further measures to tighten the security of SingHealth's IT systems, including temporarily separating internet access from workstations, resetting user and systems accounts, and installing additional system monitoring controls.
CSA said hackers had gained control through breaching a frontend workstation, from which they then were able to obtain privileged account credentials to gain access to SingHealth's database.
Full long article is here:
https://www.zdnet.com/article/singapore-suffers-most-serious-data-breach-affecting-1-5m-healthcare-patients-including-prime/
There is another good read on the leak here:
David.
3 comments:
As discovered many parts of the ADHA networks are not as secure as they may believe, it will not be long before attention turns their way. Someone in Canberra needs to call health IT and ask what they are doing. If a free scanner from the internet can discover concerns heaven helps us when real tools are used.
I must say I am impressed with the maturity the Singapore Government is showing, fully transparent and honest, have taken a view to pause all smart state initiatives while a full cyber review is conducted ( most likely openly and honestly). For a country with no natural resources and no government debt and departments that seem to work together they can afford to be honest.
And the original Pcehr design - which doesn’t appear to have changed for Myhr - was modelled on the SingHealth system Accenture built...
Post a Comment