Singhealth Data Hack
Singhealth data breach: what happened?
Singhealth is Singapore’s largest group of healthcare institutions. And it has come under a major cyber attack. This Singhealth Hack is so major and considered the most serious breach of personal data in Singapore’s history. Hospitals like Singapore General Hospital and KK Women’s and Children’s Hospital are under Singhealth too. Important to note is the fact that Singapore’s Prime Minister Lee Hsien Loong’s personal particulars were stolen. The cyber attack had tried repeatedly to access them. His personal particulars were also stolen.
What else were stolen was: non-medical personal particulars of about 1.5 million patients who visited SingHealth’s specialist outpatient clinics and polyclinics from 1st May 2015 to 4th July 2018. Personal particulars include name, NRIC number, address, gender, race and date of birth.
The implications of this Singhealth Hack
Though what just happened was worrying, cybersecurity experts actually praised the government’s swift response to the cyberattack on SingHealth. However they also made a side note that it is “worrying” for Singapore’s Smart Nation drive and also the many IT and Tech industries that mainly rely on public confidence on all things IT and Tech.
Linda Martin, director and general manager of RSA Conferences said: “The scenario is worrying for industries that rely heavily on public confidence. A laboratory that cannot vouch for the fidelity of medical test results, or a bank that has had account balances tampered with, are examples of organisations at risk.”
She said that governments may also fall foul of such attacks as critical data repositories are altered. “With a growing focus on integrating medtech, fintech and govtech as a part of our Smart Nation drive, local organisations must guard against the possibility of these attacks hitting our shores.”
Tan Shong Ye, a partner at PwC, noted that the Singapore government “responded swiftly” to the incident, including convening a Committee of Inquiry (COI) to look into the cyberattack and find ways to better secure public sector IT systems. “It is good that action was taken immediately after the threat was detected to minimise the risk of further data exfiltration.”
What was found so far on this Singhealth Hack
Initial investigations showed that a SingHealth front-end workstation was infected with malware through which the hackers gained access to the database. The data theft took place between June 27 and July 4.
Unusual activity was first detected on July 4 on one of SingHealth’s IT databases. Security measures, including the blocking of dubious connections and changing of passwords, were taken to thwart the hackers. On July 10, the Health Ministry (MOH), SingHealth and the Cyber Security Agency of Singapore were informed after forensic investigations confirmed that it was a cyber attack. A police report was made on July 12.
No further data has been stolen since July 4. It is duly noted that it was not the work of casual hackers or criminal gangs, but a state-sponsored attack.
Actions so far
SingHealth has taken actions, one of which is to impose a temporary Internet surfing separation on all of its 28,000 staff’s work computers. It is understood that other public healthcare institutions will do the same. The SingHealth group of healthcare institutions include Singapore General Hospital and KK Women’s and Children’s Hospital.
Also, the minister-in-charge of cyber security, S Iswaran, will now convene a Committee of Inquiry (COI) to find out the events and factors that led to the cyber security attack. The incident response will also be drafted.
Why would people do such things as this Singhealth data hack?
Leonard Kleinman, chief cybersecurity adviser for the Asia-Pacific and Japan at RSA Conferences: “Medical data contains a trove of information, from personally identifiable data to financial details, that can be used to create a highly sought-after composite of an individual.”
He added that on the Dark Web, such data can fetch a high price, with each entry selling for US$50-US$100 higher than stolen credit card data. Going by the 2017 Cost of Data Breach Study by Ponemone, a stolen healthcare record fetches US$408. We may also not necessarily see the fallout of such incidents happen immediately, as it could take months for the data to be first sold, then used. Given the nature of this attack, it is hard to say exactly what the end game is, especially when the attackers haven’t identified themselves.”
How should we react
What is important, he said, is the country’s cyber defences and the way it responds to cyber incidents and recovers from such attacks like this Singhealth Hack. “Our future as a Smart Nation will depend on the way we protect, detect and respond to cyber threats.”
Mr Lee on Friday said as much. In a Facebook post on the SingHealth cyberattack, the Prime Minister said: “Government systems come under attack thousands of times a day. Our goal has to be to prevent every single one of these attacks from succeeding. If we discover a breach, we must promptly put it right, improve our systems, and inform the people affected.”
Mr Lee added that when SingHealth digitised their medical records, they had asked if he wanted to computerise his own personal records or keep his records in hardcopy for security reasons. “I asked to be included. Going digital would enable my doctors to treat me more effectively and in a timely manner. Of course, I also knew that the database would be attacked, and there was a risk that one day despite our best efforts it might be compromised. Unfortunately that has now happened.”
Despite that, Mr Lee said: “We cannot go back to paper records and files. We have to go forward, to build a secure and Smart Nation.”. So, we should let this Singhealth Hack stop us from our digitization journey.
My Opinion as a Web Developer In Singapore
In the past 23 years of working a freelance web developer in Singapore, one of the main questions asked of me is this: how secure will the system/server/application be? Some even put it down as a strict requirement that it must be 100% fool-proof secure.
For such queries, usually what i would tell them is that, what we, as web developers, can do is to ensure the best security, as best as possible. But, the bottom line is: there is no 100% fool-proof security. Not for small companies, not for big companies. That means, in other words, we can only try our best.
Another misconception people have is that the developer is not good enough. That’s why a system got hacked, right? It might sound true, but not necessarily so. It’s just like our physical locks. If you put a $1 lock on your suitcase, it takes a $1 thief to break it. If you put a $100 lock on your suitcase, great! No $1 thief is gonna get your stuff now. But guess what. A $100 thief can break your lock then. Thieves, just like normal web developers or other service providers, hone their craft over time. That’s how their “market rate” gets higher too. Same for thief, same for hackers, same for any service providers.
But as PM Lee puts it, there is no going back to the days of pen and paper. It’s a worldwide mantra that no terrorism will bring down our way of life. Likewise, no cyber terrorism should bring down our digital way of life and the convenience and positive factors it bring along with it.
After this Singhealth Hack attack that happened, I foresee some effects on my web development service. But, I just gotta take it in my stride I guess. That’s one reason why people don’t wanna work as programmers.