22/07/2018

SingHealth system hit by 'massive' cyberattack



Hackers hoping for 'some dark state secret' in my medication records will be disappointed: PM Lee
Prime Minister Lee Hsien Loong talks to ministers via video conference at his hospital room at the Singapore General Hospital, a day after his prostate cancer surgery, in 2015

Cyberattackers who repeatedly targeted data on Prime Minister Lee Hsien Loong’s outpatient medication will be disappointed for the information is “nothing alarming”, Mr Lee said in a Facebook post shortly after the Government announced on Friday (Jul 20) that Singapore had been hit with its most serious cyberattack yet.

“I don’t know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me. If so, they would have been disappointed. My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it,” Mr Lee wrote on Facebook.

Sophisticated cyberattackers broke into public healthcare cluster SingHealth's IT systems to steal the medical data of 1.5 million patients including Mr Lee, & the unusual activity was detected by the Health Ministry’s IT arm on Jul 4.

read more

Lee Hsien Loong 16 hrs

SingHealth’s database has experienced a major cyber-attack. 1.5 million patients have had their personal particulars stolen. Of these, 160,000 also had their outpatient medication data compromised. I am personally affected, and not just incidentally. The attackers targeted my own medication data, specifically and repeatedly.

I don’t know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me. If so, they would have been disappointed. My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it.

When SingHealth digitised its medical records, they asked me whether to computerise my own personal records too, or to keep mine in hardcopy for security reasons. I asked to be included. Going digital would enable my doctors to treat me more effectively and in a timely manner. I was confident that SingHealth would do their best to protect my patient information, just as it did for all their other patients in the database.

read more

MParader added 3 new photos — with Angeline Kwong and 4 others 10 hrs

Heck! First thing I learnt upon my return from Langkawi was that my non-medical personal particulars with SingHealth had been stolen. Cyber theft is a key risk when going digital. But we cannot stop the digital advance and must strive to build the most secure Smart Nation.

In the evening, attended the RCNC 4020 anniversary dinner. Recalled with satisfaction at how Marine Parade, along with Bedok and Tanjong Pagar, piloted the setting up of RCs. RC pioneers like Puhaindran, Loh Soo Ann and Tan Wu Cheng were there to mark the occasion. We need to inject fresh energy and ideas into our Marine Parade RCs. Make an effort to draw in younger RC members. --- gct

read more

Another Singapore agency discovers data theft affecting 70,000 members in the wake of Singhealth data breach

The Securities Investors Association (Singapore) has discovered a cybersecurity breach affecting about 70,000 members, in the wake of the massive Singhealth data hack that unfolded this month.

According to an email SIAS sent to its members, the personal particulars (such as names, NRIC numbers and telephone numbers) of about 70,000 members were illegally accessed and stolen.

Curiously, SIAS – which has been described as “Singapore’s leading voice for all minority shareholders” – has reported that the data breach happened five years ago, in 2013. It only recently discovered the hack and is now taking steps to rectify the situation.

read more

S'pore takes top spot in UN cyber security index
Singapore moved to pole position this year from 6th place in the first Global Cybersecurity Index (GCI) in 2015. FOTO: REUTERS

Singapore has topped a global cyber security index released by the United Nations, beating other UN member states such as the United States, Australia & France.

The Global Cybersecurity Index (GCI) 2017, released on Wednesday, noted that Singapore has "a long history of cyber security initiatives".

"It launched its first cyber security masterplan back in 2005. The Cyber Security Agency (CSA) of Singapore was created in 2015 as a dedicated entity to oversee cyber security & the country issued a comprehensive strategy in 2016," said the report by the UN International Telecommunication Union (ITU).

read more

MAS warns stolen SingHealth data could be used in bank fraud

Financial institutions are discouraged from relying on the stolen information for customer verification.

The Monetary Authority of Singapore has urged financial institutions to tighten customer verification processes in light of the recent cyberattack at government public health database SingHealth wherein the personal information of 1.5 million individuals including the Prime Minister were illegally accessed.

All financial institutions are discouraged from relying on the information stolen from the attack (name, NRIC number, address, gender, race and birth date) for verifying customer identities. Additional information like One-Time password, PIN, biometrics and last transaction date is needed before transactions can be performed on behalf of the customer, the de-facto central bank said in a statement.

read more

SingHealth data hacked a 'goldmine' for identity thieves: Expert
Fear, trust and a willingness to help others

In the wake of Singapore's worst data breach to date, members of the public need to be alert to scammers who may tap on these emotions to trick them into giving up even more personal information, warned cybersecurity experts.

The authorities revealed last Friday that hackers had accessed the personal information of some 1.5 million people who visited SingHealth's hospitals, specialist centres & polyclinics between May 1, 2015, and July 4 this year.

Experts that The New Paper spoke to said such incidents could lead to identity theft, fraud & social engineering attacks, which use human psychology to manipulate victims into revealing confidential information.

read more

4-member Committee of Inquiry convened to investigate SingHealth cyber attack
(Clockwise from top left) The committee will be headed by former chief district judge & current member of the Public Service Commission Richard Magnus. The other members are executive chairman of cyber security solutions firm Quann World, Mr Lee Fook Sun; group chief operating officer of healthcare technology firm Sheares Healthcare Management, Mr T.K. Udairam; & assistant secretary-general of the National Trades Union Congress, Ms Cham Hui Fong. FOTO: ST FILE, CHANGI GENERAL HOSPITAL, ST ELECTRONICS, NTUC.ORG.SG

The authorities convened a 4-member Committee of Inquiry (COI) on Tue (Jul 24) to examine SingHealth's cyber attack that led to the biggest data breach in Singapore.

The committee, headed by former chief district judge and current member of the Public Service Commission Richard Magnus, will also recommend ways to better safeguard public sector IT systems.

The other members of the COI are executive chairman of cyber security solutions firm Quann World, Mr Lee Fook Sun; group chief operating officer of healthcare technology firm Sheares Healthcare Management, Mr T.K. Udairam; & assistant secretary-general of the National Trades Union Congress, Ms Cham Hui Fong.

read more

Singhealth Data Breach - No Action Needed ??

It takes more than 2 months - from 1 May to 4 July 18 before the cyber attacked on Singhealth was discovered.  By then 1.5 million patients' non-medical data was breach.  Because of the late discovery - a further 160,000 patients' medical record was stolen between 27 Jun to 4 Jul.

Think the hacker(s) must be having a field time, first steal personal data, since no one notice go for medical record too.  Why does it takes more than 2 months before major attacked was notice?  IT security system limping weak or Singhealth IT dept sleeping on the job?

Then all these diversion tactics as usual on MSM to take the public focus away from the important questions.  Who attacked us?  What they intend to do with our data?  What is the govt doing to apprehend the hackers?

read more

How alarming that peace-loving Singapore is targeted by a hostile country – and citizens are kept in the dark

The United States’ White House and Pentagon, along with the European Union governments, have declared that state sponsored cyberattacks constitute an “act of war.” But the massive hacking of SingHealth – ostensibly by a foreign country – is described by authorities only as “the most serious breach of personal data.”

Prime Minister Lee Hsien Loong also said nothing alarming was stolen and no “dark state secret” was uncovered by the hackers. Perhaps they are trying not to cause undue concern to Singaporeans. But the gravity of it cannot be played down.

While others are calling such state cyberattacks an “act of war”, our authorities are calling it a “serious breach.”

read more


Did authorities respond fast enough to Singapore’s worst personal data breach?
Patients try out the self-help health kiosk at SingHealth Bedok Polyclinic. (foto: Eastern Health Alliance, now merged with SingHealth)

As the dust settles on the “most serious breach of personal data” in Singapore’s history - which compromised the records of 1.5 million SingHealth patients, including Prime Minister Lee Hsien Loong - questions have surfaced on whether the authorities responded in a timely enough manner once the threat of a cyberattack was detected.

Database administrators from the Integrated Health Information System (IHIS) detected unusual activity on SingHealth’s IT systems on Jul 4 & put a stop to the data breach activities. It was later that they found out data had been illegally copied and stolen beginning from Jun 27 – eight days before the cyberattack was detected.

From Jul 4 to Jul 9, the administrators continued to monitor the network traffic closely before ascertaining it was a cyberattack and alerted their superiors. On Jul 10, MOH, SingHealth & the Cybersecurity Agency of Singapore (CSA) were informed and forensic investigations carried out.

read more

Doctors raise concerns again over national e-records system after data breach at SingHealth

With some doctors already apprehensive about legislation that will make it compulsory for them to submit their patients’ data towards a national e-records system, the recent SingHealth cyber attack has sparked more unease among the medical fraternity.

They want greater reassurances — such as answers to what made SingHealth’s IT system vulnerable such that the data breach affected 1.5 million patients — & what concrete steps will be taken to avert an incident of similar magnitude in future.

Apologising for the cyber attack last Friday (Jul 20), Health Minister Gan Kim Yong said that the National Electronic Health Record (NEHR) project would “have to take a pause” for a while, so that the authorities can look into strengthening the cyber-security measures behind the system before moving on.

read more

Hackers stole data of PM Lee and 1.5 million patients in 'major cyberattack' on SingHealth
Mr S Iswaran, Communications & Information Minister, attends a press conference alongside Health Minister Gan Kim Yong on SingHealth's cyber attack

An unprecedented cyber-attack on Singapore's largest healthcare group SingHealth saw the personal data of 1.5 million patients stolen, including that of Prime Minister Lee Hsien Loong.

The authorities disclosed on Friday (July 20) that hackers broke into SingHealth's IT systems & repeatedly targeted to steal PM Lee's data and records of medication given to him.

The week-long attack, which was carried out between Jun 27 and Jul 4, also saw hackers illegally access and copy the non-medical personal particulars of 1.5 million patients. Around 160,000 of them who had received outpatient treatments also had their medication records stolen, with PM Lee and several government ministers among this group.

read more

SingHealth debunks fake SMS about cyber attack
The real SMS from SingHealth vs the fake SMS being circulated. (Photos: Facebook/Singhealth)

SingHealth has warned the public to be aware of an SMS going around spreading falsehoods.

Singapore’s largest health system turned to Facebook on Friday night (20 July) to debunk the contents of the SMS, which falsely says that patients’ phone numbers and financial details such as credit card information had been accessed in the massive cyber attack that was revealed on Friday afternoon.

The fake SMS also claimed that medical records were accessed, which SingHealth denies

read more

SingHealth cyberattack: SMS notifications sent to more than 700,000 patients

SMS notifications have been sent to more than 700,000 patients to inform them if their data were stolen in the cyberattack, the health operator said in a statement on Saturday (Jul 21).

These individuals had visited SingHealth's specialist outpatient clinics and polyclinics between May 1, 2015 and Jul 4 this year, which is the period when 1.5 million patient records were accessed and copied by hackers.

The remaining SMS notifications will be sent over the next two days, SingHealth said. About 150,000 patients do not have their mobile phone numbers registered with SingHealth; these individuals will receive letters within one week to inform them if they are affected.

read more

Worry, confusion and ambivalence among those affected by SingHealth's data breach
Authorities said the data theft took place between Jun 27 and Jul 4, and patients who were affected had visited SingHealth's specialist outpatient clinics and polyclinics from May 1, 2015, to Jul 4, 2018. ST FOTO: ARIFFIN JAMAR

The most serious cyber attack to strike Singapore saw the data of about 1.5 million patients, including Prime Minister Lee Hsien Loong, stolen from healthcare provider SingHealth's database.

Authorities said the data theft took place between Jun 27 and Jul 4, and patients who were affected had visited SingHealth's specialist outpatient clinics and polyclinics from May 1, 2015, to Jul 4 this year.

Their non-medical personal data that was illegally accessed and copied included their names, IC numbers, addresses, gender, race and dates of birth.

read more

Patients hope they won’t become victims of scams
Public healthcare cluster SingHealth had been the target of Singapore’s most serious cyberattack to date

Shocked by news that public healthcare cluster SingHealth had been the target of Singapore’s most serious cyberattack to date, some patients feared their data would be used for scams & hoped IT systems would be strengthened to prevent future breaches.

Employees approached by TODAY were tight-lipped, saying they were not allowed to comment on the issue.

About 1.5 million patients who visited SingHealth’s specialist outpatient clinics & polyclinics from May 1, 2015 to July 4 this year had their non-medical personal data illegally copied, the Ministry of Health and Ministry of Communications and Information announced on Friday (July 20). The data taken include names, identity card numbers, addresses, gender, race and dates of birth.

read more

SingHealth will notify patients affected by cyberattack; Government to order Committee of Inquiry

Starting from Friday (Jul 20) evening & over the next five days, SingHealth will progressively send a text message to each of the 1.5 million patients who visited its specialist outpatient clinics & polyclinics from May 1, 2015 to Jul 4, 2018 to notify them if their medicine records had been illegally extracted or not.

For those with no registered mobile number, a letter will be sent to their address within a week.

These 1.5 million patients had their non-medical records – including name, NRIC, address and date of birth – illegally accessed and copied in the cyberattack. Of this group, about 160,000 patients had their medicine records stolen.

Singapore is a top hacking nation
But we are also number one in security strategy

Forget about being a Smart nation or a startup country The city-state has made into the podium as one of the top ten attacking countries, based on data from (Threatmap). The website tracks malicious cyber-attacks across the globe and consistently ranked the top aggressors in cyber-attacks.

One glance on the list of top ten attacking countries, one will find the great powers of the world pitting each other for glory and honors in the cyberspace. However, a nation or rather a city-state stood out from the rest of big countries with likes of USA, Russia, UK, Germany and China. Surprise, surprise … the city-state is none other than Singapore.

According to Threatmap, the island-nation is placed on the fourth position among the top attacking countries. Singapore has held the same position rather consistently over the past two weeks, which saw almost an average cyber-attacks of 14 million cases over the world daily.

read more

Full Coverage:
SingHealth ‘most serious breach of personal data’; PM Lee's data targeted
Singapore health system hit by cyberattack; PM Lee's data targeted
If they were looking to embarrass me, they would be disappointed, says PM Lee
SingHealth will notify patients affected by cyberattack; Government to order COI
Cyberattack on SingHealth: Patients hope they won't become victims of scams
SingHealth cyber attack: COI to be headed by retired judge Richard Magnus
Spore health system hit 'most serious breach'; PM Lee's data targeted
Ministers Gan Kim Yong & Iswaran on 'massive' SingHealth system cyberattack
SingHealth cyberattack must not derail Smart Nation plans: Minister S Iswaran
Minister Gan Kim Yong on SingHealth Data Breach
Cyberattack on SingHealth IT system: What you need to know
Minister Iswaran on the Committee of Inquiry
Singapore health system hit by 'massive' cyberattack | News conference in full
Personal info of 1.5m SingHealth patients, including PM Lee, stolen
E-mail channel and hotline for SingHealth patients whose data was stolen
How to check if you are affected, and what you need to know
PM Lee says nothing alarming in his data that was stolen, no 'dark
SingHealth will notify patients affected by cyberattack
SingHealth cyberattack by nation state, medical data ‘can fetch a high price’
COI will also be convened to look into the incident
Hacking for 'some dark state secret' in my records will be disappointed
Cyberattack on SingHealth: Patients hope they won’t become victims of scams
Cyberattack on SingHealth: Govt to convene COI
SingHealth warns of fake SMSes capitalising on news of recent cyberattack
12 Ways to Protect Your Identity at Work