SingHealth breach hits 1.5 million patients after 'deliberate, well-planned attack'

Singapore healthcare provider SingHealth was the target of a major cyber attack that occurred between June 27 and July 4 this year.

SingHealth says at least 1.5 million patients who visited any SingHealth outpatient clinic or polyclinic between 1 May 2015 and 4 July 2018 may be affected by the breach.

The attackers accessed and copied non-medical personal information, including names, NRIC numbers, addresses, genders, races, and dates of birth. In addition, the attackers also stole information about outpatient dispensed medicines belonging to 160,000 patients.

SingHealth is contacting all patients who visited clinics within the 1 May 2015 – 4 July 2018 timeframe to inform them if their data has been affected.

“The records were not tampered with, i.e. no records were amended or deleted. No other patient records, such as diagnosis, test results or doctors' notes, were breached. We have not found evidence of a similar breach in the other public healthcare IT systems,” a statement says.

The breach was discovered on July 4 by Integrated Health Information System (IHiS) database administrators, who immediately worked to stop the breach and put extra security in place.

Further information from the Cyber Security Agency of Singapore (CSA) shows that the attackers accessed the SingHealth IT system through a breach in a front-end workstation.

“They subsequently managed to obtain privileged account credentials to gain privileged access to the database. Upon discovery, the breach was immediately contained, preventing further illegal exfiltration.”

On July 10, the Ministry of Health, SingHealth, and CSA were informed after investigations confirmed the attack.

On July 12, SingHealth lodged a police report, and police investigations are ongoing.

“With heightened monitoring, further malicious activities were observed. However, no further illegal exfiltration has been detected since 4 July 2018. All patient records in SingHealth's IT system remain intact. There has been no disruption of healthcare services during the period of the cyber attack, and patient care has not been compromised.”

IHiS and CSA have also put further security measures in place, including internet user and systems account resets, additional workstation and server controls, system monitoring controls, and internet surfing separation.

“Similar measures are being put in place for IT systems across the public healthcare sector against this threat.”

The CSA and IHiS are investigating the incident and say the attack was not the work of casual hackers or criminal gangs, but it was deliberate, targeted, and well-planned.

They further say that the attacker repeatedly targeted Prime Minister Lee Hsien Loong's personal information and information about his outpatient dispensed medicines.

According to cybersecurity experts from Sophos and Bromium, the breach is 'very serious'.

“The data stolen in this breach is an identity thief's goldmine,” comments Sophos senior technologist Paul Ducklin.

“It's a startling reminder to all Singaporeans that there is no such thing as 'cyber attackers would never care about little old me' – once your data is scooped up in a cybersecurity blunder of this sort, you simply can't control where it will go next. Anyone affected in this breach has no choice but to assume that their personal information will end up for sale in the cyber underground, ready for active abuse by cybercrooks.”

Bromium EMEA chief technology officer Fraser Kyne adds, “This is a very serious breach given the sensitivity of the data accessed, and the sheer volume of records. It appears the initial infection came through a single user endpoint being infected with malware, which then worked its way through the network. This once again highlights how today's cybersecurity is a house of cards – it just takes one person to click on the wrong thing for the whole thing to come crashing down. Only when we admit that we cannot detect and stop threats, and instead start focusing on minimising harm, can we ever hope to disrupt hackers. The simple fact is that if the endpoint was isolated, then the hacker would have had nowhere to go and nothing to steal.”

“Yet it also highlights the fact that we can no longer trust our networks or most of our endpoints. Hackers will inevitably find a way in. Air-gapping can be an effective solution, but it is impractical when you have multiple employees trying to access a business critical application. Instead, we need to shrink protection to application level. By protecting applications that store our most sensitive and critical data, even if the device or network is compromised, that application cannot be touched as it will be invisible to the device and network.”

The Ministry of Health is now instructing IHiS to review the public healthcare system and its security, with input from third party experts.

They will be focusing on cyber threat prevention, detection, and response across cybersecurity policies, threat management processes, IT system controls and organisational and staff capabilities.

“All patients, whether or not their data were compromised, will receive an SMS notification over the next five days. Patients can also access the Health Buddy mobile app or SingHealth website to check if they are affected by this incident.”

Advisories have been sent to all healthcare institutions, public and private, on the cybersecurity precautions and measures to be taken.
