Quote Of The Year

Quote Of The Year - Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

Saturday, July 21, 2018

Stark Graphic Outlines The Consequences Of The Singapore Breach!

I spotted this from SingHealth - was worth posting I thought.


What an amazing episode. A warning for all large data-bases.

David

4 comments:

Bernard Robertson-Dunn said...

Read the answer to question 2 very carefully.

It does not say they were not accessed, just not changed.

In the longer account is says:

"...hackers had gained control through breaching a frontend workstation, from which they then were able to obtain privileged account credentials to gain access to SingHealth's database."

In other words a user, which could have been a developer or an end user.

It could well have been a threat vector that an unsuspecting user had downloaded by clicking on a link they shouldn't have. That the reports say it was "deliberate, targeted, well-planned" suggest that it came from an email to one or more employees.

None of this is unusual or difficult. All users are potentially vulnerable, just requires good internet hygiene.

Anonymous said...

The concerning bit is Singapore is pretty hot when it comes to national cyber security, they have to be, there economy is built in part on technology and finance. I have seen some of their cyber operations and they are in a whole different ball park than the ADHA.

Anonymous said...

At least they know if a record has been altered, wonder if the Government HR system could determine is text within PDF had been altered under similar conditions

Anonymous said...

The MyHR sounds like a back door into more important Government systems, I do hope the ASD is across all this. The ADHA is a bit sloppy at best and I do not get a sense they really understand the system or the feeder systems all that well.