As a tech innovator
Processing blood samples at a Singapore clinic in 2007. The Health Ministry said this month that confidential information from its H.I.V. Registry had been illegally disclosed online.CreditCreditRoslan Rahman/Agence France-Presse — Getty Images
Singapore takes pride in being a technology hub where municipal decisions are driven by cutting-edge data science. “Data is the new currency, and with open data, the possibilities are endless!” the government says on its “smart nation” portal.
But that image has been dented by 2 embarrassing data breaches.
Last year, a cyberattack on Singapore’s public health system compromised data from 1.5 million people. And on Monday (Jan 28), the Health Ministry said that medical records for 14,200 HIV-positive people in the city-state had been obtained by an American whose Singaporean partner worked at the ministry. The ministry said it learned on Jan 22 that the records had been illegally disclosed online.
Spore Says Records for 14,200 H.I.V. Patients, Held by American, Were Leaked
Singapore’s Prime Minister Among 1.5 Million Affected by Cyberattack
In latest medical data breach, Singapore authorities fail to live up to standard they set for others
People diagnosed with HIV – some of the most vulnerable people – in Singapore are now the victims of the latest data breach to rock the country in recent months. Yesterday, the Ministry of Health said 14,200 people who were HIV-positive had their personal data stolen and leaked online. Even their “contacts” or partners were exposed as well.
Now, these 14,200 people may not be as numerous as the 1.5 million people affected by the SingHealth cyber attack last year, but the consequences this time are infinitely more dire for the victims. With their identities unmasked, they could face no end of discrimination at home or at work. With their identification numbers and contact details exposed, they are wide open to blackmail.
The ministry has pointed the finger at an “unauthorised person”, who is said to have leaked the data online after being deported from Singapore for drug-related offences last year.
Recent data breaches have tarnished Singapore’s image as tech innovator
The country’s ‘smart nation’ portal says ‘Data is the new currency, and with open data, the possibilities are endless!’
Singapore has long been pushing this island as a technology hub and the government is constantly championing greater use of technology in various sectors to increase efficiency. Unfortunately, two major data breaches have tarnished Singapore’s tech-savvy image.
In 2018, Singapore’s health system suffered a cyberattack that compromised the data of 1.5 million people. Authorities say that the person behind that attack was targeting the medical records of PM Lee Hsien Loong who is a cancer survivor. The perpetrator has been identified and it’s been ascertained that the stolen personal data has not made its way onto the dark web.
In the second breach which was announced just this week (28 Jan), the Ministry of Health said that medical records of 14,2000 HIV positive individuals in the country had been illegally obtained in 2016 and were disclosed online recently.
Recent data breaches tarnish Singapore’s world-class tech hub image
In the past few years, Singapore has built quite a reputation for itself as a world-class tech hub in Asia. Many companies looking for an entrance into the emerging markets in the region have found the city-state to be the best place to start.
As proof of this, 4 out of the 5 top tech companies around the globe now have operations in Singapore with more investments coming in, according to Singapore’s Economic Development Board (EDB). Two years ago, Bloomberg Innovation Index placed Singapore in 6th place, before both the United States and Japan.
China’s tech giants such as Alibaba, Baidu, and Tencent all consider Singapore to be its top investment destination, and American companies Google, Amazon, and Facebook have operations in the country as well. However, recent cybersecurity breaches have cast a shadow on Singapore’s image as a tech hub.
Data Breaches Dent Singapore’s Image as a Tech Innovator
Experts say the breaches highlight the potential pitfalls for Singapore and other countries that are pushing to make vast troves of data more accessible & centralised
Do the public benefits justify the inherent risks to privacy? And can anyone prevent senior officials from misusing information they have at their fingertips?
In addition, the HIV records breach illuminates the widespread stigma and discrimination that people with the virus face in Singapore, a conservative society where gay sex — which accounts for roughly half of new HIV infections in the country — is banned under a colonial-era law.
“Why are people so concerned about their status being known?” said Mr Eamonn Murphy, Asia Pacific director at United Nations agency UNAIDS. “It’s the issue of stigma and discrimination, and it’s familial, for some of them, but clearly workplace: fear of loss of employment.”
Singapore govt to review how it handles data after one too many data breaches
You’ve probably heard of one too many data breaches from Singapore, from the unfortunate data leak of HIV-positive people in Singapore to medical records of 1.5 million Singaporeans compromised in a cyberattack. A few recent data breaches caused by mishandling of data by IT vendors have thus compelled the Singapore government to review its data handling policies, according to local media reports.
“The Smart Nation and Digital Government Office is currently reviewing the Government’s management of data, and will share more when ready,” said a spokesperson from the office to The Straits Times. The office — in charge of driving the government’s digital transformation according to its website — will also be conducting a “deeper investigation” into an incident this month where personal details of some 800,000 blood donors were left exposed on the Internet for two months, the spokesperson told Channel NewsAsia.
The exposed database was discovered by a cybersecurity expert in March and had been reportedly left exposed since January after tech vendor Secur Solutions Group placed the information on an unsecured database. The group was in charge of updating blood donor records.
Cyber-criminals sold 20,000 Singaporean bank cards on the dark web last year – and hundreds of credentials from government sites were stolen in 2 years
Southeast Asia is one of the most actively attacked regions in the world – and Singapore is among the most targeted of the lot, a report has found.
Just last year, close to 20,000 Singaporean bank cards showed up for sale on the dark web, while hundreds of credentials from Singaporean government agencies and educational institutions were stolen over the past two years, Group-IB said.
Group-IB, a company which develops software and hardware for cyber defence, presented the analysis of its Hi-Tech Crime Trends 2018 at Money 20/20 Asia, which is being held in Singapore this week.
Spore paid hackers across world over U$11,000 for finding 26 bugs in gov systems
Sporeans fell for the most ‘CEO scams’ in SEA last year, with hackers earning about
Concerns about cyber attacks, job insecurity eroded trust in Gov & NGOs: Report
Singapore public sector reports yet another security lapse
Following a spate of security breaches affecting healthcare patients in the country, another Singapore public sector agency has reported that personal information of 808,201 blood donors was left vulnerable after a third-party vendor failed to securely protect a server containing the data. The database contained registration-related information such as donors' name and national identification number and, in some instances, blood type and weight.
The external contractor, Secur Solutions Group, was provided the data for updating and testing. Secur stored the information in a web-connected server on January 4 this year, according to the Health Sciences Authority (HSA), and was made aware of the security hole on March 13.
The Singapore government agency said in a statement on Friday that a cybersecurity expert had uncovered the vulnerability and alerted the Personal Data Protection Commission (PDPC). The health agency said one of Secur's servers had contained the database, but "was not adequately safeguarded against access over the internet" and the vendor had failed to implement adequate measures to prevent unauthorised access. It added that the system did not contain other medical or contact information.
Strengthening cybersecurity through digital defence
Following recent cyber security breaches, Singapore’s Government has added Digital Defence to the country’s Total Defence framework. In announcing the move, Ministers stressed the need to strengthen cybersecurity as part of the national agenda.
In his budget speech, Finance Minister Heng Swee Keat announced that the Government will spend about S$22.7b, or about 30% of its total expenditure in Financial Year (FY) 2019, on defence, security and diplomacy. Mr Heng emphasised that security threats are evolving and becoming more complex, noting that the terrorism threat to Singapore remains high. For instance, authorities continue to detect radicalised individuals in Singapore, whilst attacks perpetrated by these individuals and cells rise globally.
As a signal of how seriously the country is taking this issue, Minister for Communications and Information and Minister-in-Charge of Cybersecurity Mr S Iswaran announced the following day that Singapore has added Digital Defence as the sixth pillar to its Total Defence framework. The original five pillars are military, civil, economic, social and psychological defence.
Singapore government credentials found on dark web
Russian cyber security vendor, Group-IB, has reported a rise in cyber crime activity focused on Asia, and in particular Singapore. In 2018, around 20,000 bank cards belonging to Singaporeans appeared for sale on the dark web, in addition to hundreds of compromised government portals’ credentials stolen by hackers throughout the past two years.
In fact, the number of leaked cards increased by 56 per cent in 2018, while the total value of Singaporean banks’ cards compromised in 2018 is estimated at nearly $640,000. The situation in Southeast Asia and Singapore, in particular, has surpassed other regions, including the US and Europe, in the number of state-sponsored groups detected.
Within the space of a year, 21 state-sponsored groups, which is more than in the US and Europe combined, were detected in Southeast Asia, which included Lazarus, a notorious North-Korean state-sponsored threat actor, according to Group-IB Hi-Tech Crime Trends 2018 report.
With personal data comes great responsibility
TWO words were at the tip of everyone's tongue last year: data protection. With the flurry of companies scrambling to comply with the EU's General Data Protection Regulation (GDPR) in May and the aftermath of the SingHealth cyber attack that compromised the data of about 1.5 million patients, including the personal data and medical information of Singapore Prime Minister Lee Hsien Loong, 2018 was arguably the wake-up call that most Internet users needed to start questioning the whereabouts of their personal data and what it was really used for.
According to a joint study by Google and Temasek in November 2018, South-east Asia's Internet economy reached an inflection point last year; and Internet industries - including e-commerce, online travel and ride hailing - are expected to hit a value of US$240 billion by 2025.
With the rise of the digital marketplace, how should Singapore businesses handle such online transactions and its interactions with customers and their personal data?
Spate of Data Breaches In Singapore
10 Major Data Breaches In Singapore, that Explain Why We Must Prioritise Cybersecurity
Data Breaches Have Been On The Rise In Singapore. Singapore was ranked the safest country in the world based on a report by the World Justice Project in 2018. However, it seems that data breaches are threatening our online safety.
In 2019 alone, there were 3 major data leaks that affected millions of Singaporeans. Over the years, there have been other high profile cases that you may have forgotten.
We revisit a few breaches that threatened Singapore since the ‘internet age’:
- MOH, MOE accounts sold on the dark web in 2019
- Blood-donors personal information exposed in 2019
- HIV data leak in 2019
- SingHealth got hacked in 2018
- MINDEF got hacked in 2017
- WannaCry Ransomware 2017
- K Box Data Breach in 2014
- SingPass leaks in 2014
- Anonymous attacks in 2013
- Y2K bug in 1999
Spate of MOH's slip-ups
Passwords and usernames of staff from MOH, MOE and other agencies stolen and put up for sale by hackers
E-mail log-in information of employees in several government agencies & educational institutions, as well as details of more than 19,000 compromised payment cards from banks here, have been put up for sale online by hackers.
Russian cyber-security company Group-IB revealed on Tuesday (Mar 19) that it discovered the user log-ins and passwords from several government organisations on the dark Web over the last two years. The compromised payment card information, which it said was valued at more than $600,000, was found last year.
According to a press release from Group-IB, the organisations involved include the Government Technology Agency (GovTech), Ministry of Education, Ministry of Health and the Singapore Police Force, as well as the National University of Singapore.
HIV status of 14,200 people leaked online
Ler Teck Siang (foreground) leaving the High Court during his appeal against his conviction and sentence for cheating offences. (Photo: Gaya Chandramohan)
The doctor at the centre of the HIV data leak in Singapore could face further disciplinary action after his medical registration was suspended for nine months, the Singapore Medical Council (SMC) announced on Tuesday (Mar 12).
Ler Teck Siang was found guilty in September last year for helping his partner Mikhy Farrera Brochez deceive the Ministry of Manpower (MOM) about Brochez's HIV-positive status, and for giving false information to the Ministry of Health (MOH) and the police.
The suspension, which came into effect on Mar 7, was ordered by an Interim Orders Committee (IOC), said the SMC.
MOH: IT error causes about 7,700 Singaporeans to receive wrong CHAS subsidies
The Ministry of Health (MOH) released a statement on February 16 (Saturday), saying that about 7,700 people who applied or renewed their Community Health Assist Scheme (CHAS) cards between September and October last year received miscalculated subsidies. The error was caused by a computer system malfunction. CHAS is an initiative by the government to provide healthcare subsidies to its members.
According to an article published by Channel NewsAsia, about 1,300 of the individuals affected by the software issue received lower subsidies while the other 6,400 got more than what was due to them. The excess and deficit amounts were estimated to be about S$2 million and S$400,000 respectively. The S$2 million will be covered for by NCS, the IT services and solutions provider who administered the computer system, as per their contract.
The individuals who received lower subsidies will have the lacking amount reimbursed. On the other hand, those who got an excess could keep the difference.
SingHealth system hit by 'massive' cyberattack
In the wake of Singapore's worst data breach to date, members of the public need to be alert to scammers who may tap on these emotions to trick them into giving up even more personal information, warned cybersecurity experts.
The authorities revealed last Friday that hackers had accessed the personal information of some 1.5 million people who visited SingHealth's hospitals, specialist centres & polyclinics between May 1, 2015, and July 4 this year.
Experts that The New Paper spoke to said such incidents could lead to identity theft, fraud & social engineering attacks, which use human psychology to manipulate victims into revealing confidential information.
Singapore is a top hacking nation
Forget about being a Smart nation or a startup country The city-state has made into the podium as one of the top ten attacking countries, based on data from (Threatmap). The website tracks malicious cyber-attacks across the globe and consistently ranked the top aggressors in cyber-attacks. One glance on the list of top ten attacking countries, one will find the great powers of the world pitting each other for glory and honors in the cyberspace.
However, a nation or rather a city-state stood out from the rest of big countries with likes of USA, Russia, UK, Germany and China. Surprise, surprise … the city-state is none other than Singapore. According to Threatmap, the island-nation is placed on the fourth position among the top attacking countries. Singapore has held the same position rather consistently over the past two weeks, which saw almost an average cyber-attacks of 14 million cases over the world daily.
The first place in the hit-list among the Singaporean hackers is reserved for USA and the city-state is likely to inflict its target with tons of malwares. By computation, Singapore’s favorite weapons of choice belongs to access to malicious resources at 61.7%, followed by bot communication at 30.3%, then malicious file transfer at 0.9% and others malwares at 7.1%. Meanwhile, the “numero uno” or first-place among the top attacking countries is conferred to Russia which infects other machines and global networks mostly with bot communications. Ironically, Russia is also placed consistently as the number one target by hackers all over the world.
Data breaches dent Singapore’s image
Spate of Data Breaches In Singapore
Spate of MOH's slip-ups
HIV status of 14,200 people leaked online
MOH: IT error causes about 7,700 S'poreans to receive wrong CHAS subsidies
SingHealth system hit by 'massive' cyberattack