Cyber-criminals have stolen a whole bunch of personal and patient data in a record-breaking hack which contained data between June to July 2018.
The hacking, according to Singapore authorities was well-executed, well-planned and precisely aimed towards attacking the country’s largest group of hospitals and other healthcare institutions. More than 1 Million patient’s personal records have been accessed and copied according to the authorities.
The theft was not the work of the usual hackers or underground criminal groups, but a concentrated effort of several entities or individuals keen on disrupting operations and compromising major healthcare services in the region.
Singapore security officials were able to determine that the breach was detected on a front-end computer terminal via administrative access to the databank for a certain period of time.
They added that the attackers were so careful not to leave behind any trace of the breach.
One critical angle being considered by the CSA and the Ministry of Communications and Information regarding the breach is that the hackers are especially interested in acquiring the personal information of the country’s Prime Minister, Lee Hsien Loong.
According to the Health Ministry, the Prime Minister’s records were repeatedly queried and attacked, specifically the medicines he’s been receiving.
The CSA declined to provide any information regarding the attackers but they may have an idea on who might be behind the said attack. The CSA Chief David Koh added that the information they have regarding the identities or nationalities of the attackers are sensitive because of security reasons.
About the stolen data, none of the information was leaked or modified according to the CSA. They have already coordinated with different agencies to recover and secure all the information and deployed the appropriate counter-measures.
Moreover, during the attack, there was no recorded instance of service disruption in the healthcare services of the hospitals and patient care was not jeopardized whatsoever.
The Singaporean Government has already called out its Security Ministries to assess the current healthcare system and how it can step up its cyber security protocols. Experts from other countries are also being called to assist in threat management, IT systems and organizational processes, and manpower skills.
This is somewhat of a wake-up call not just for the country of Singapore, but for all other nations, including their branches of governments, to accept that cyber threats are real and the only way to defend against it is to constantly strengthen and secure their IT systems and cyber-security.