Hackers breached the Singapore authorities’s well being database with a “deliberate, focused and well-planned” cyberattack, accessing the information of about 1.5 million sufferers, together with Prime Minister Lee Hsien Loong, for nearly a full week.
The cybercriminals initially breached a front-end workstation to achieve privileged account credentials to acquire privileged entry into the database. Officers mentioned they detected uncommon exercise on July four, however the hack started on June 27.
The investigation discovered the hackers didn’t tamper with the data, relatively they exfiltrated the information. Officers mentioned the assault was well-planned, and it wasn’t the work of “informal hackers or legal gangs.”
Based on the official assertion, hackers focused scientific visits between Could 1, 2015, and July four, 2018. All sufferers who visited SingHealth’s outpatient clinics and polyclinics throughout that point interval had been included within the breach. Affected person care was not disrupted in the course of the assault.
The stolen knowledge contained demographic data and affected person identification numbers. Medical data like diagnoses and take a look at outcomes weren’t included. Nonetheless, for 160,000 sufferers, together with the prime minister, the hackers stole knowledge on outpatient-dispensed drugs.
Upon discovery, officers mentioned they instantly labored to cease additional unauthorized entry and notified authorities to analyze. Throughout that point, the hackers continued their makes an attempt to entry the system. However all suspicious exercise ended on July four.
For the reason that assault, the well being system has tightened up its safety measures, which included quickly “imposing web browsing separation.” Officers mentioned they’ve additionally elevated controls on workstations and servers, reset consumer and programs accounts, and put in further system monitoring controls.
“Related measures are being put in place for IT programs throughout the general public healthcare sector in opposition to this menace,” officers mentioned. “The Ministry of Well being has directed [the health system] to conduct a radical evaluate of our public healthcare system, with help from third-party consultants, to enhance cyber menace prevention, detection and response.”
“Areas of evaluate will embrace cybersecurity insurance policies, menace administration processes, IT system controls, and organizational and employees capabilities,” officers mentioned. “Advisories have been despatched to all healthcare establishments, private and non-private, on the cybersecurity precautions and measures to be taken.”
The federal government’s minister accountable for cybersecurity will likely be establishing an inquiry committee to externally evaluate the cyberattack. Whereas Singapore doesn’t fall below HIPAA, it’s breach serves as a robust reminder that nations and authorities well being companies proceed to be focused by hackers.
Atlanta’s authorities programs went down for a number of days after a focused cyberattack, whereas Germany’s community was attacked by hackers who focused the non-public community of the inside minister.
Simply this 12 months, the U.S. and U.Okay. discovered the Russian authorities was behind the worldwide Petya assault in June 2017. The wiper malware destroyed the IT programs of a number of main corporations like FedEx and Merck, but additionally a number of U.S. well being programs that needed to substitute complete networks to recuperate.
Twitter: @JessieFDavisEmail the author: firstname.lastname@example.org