Cybersecurity

Singapore privacy watchdog fines healthcare provider for cyberattack

Singapore’s largest healthcare provider was fined Sg$250,000 and its security vendor Sg$750,000 for the massive data breach that also affected Prime Minister Lee Hsien Loong.

After receiving the findings of a four-member Committee of Inquiry (COI) assigned to investigate the cyberattack early this month, the Personal Data Protection Commission (PDPC) imposed fines totaling Sg$1 million (around $740,000) on SingHealth and its IT vendor Integrated Health Information Systems (IHiS).

The findings, according to a Straits Times news story, contain sensitive information and are classified as Top Secret over national security concerns.

The report found that SingHealth left the duty of securing patients’ data to its third-party supplier, in this case IHiS.

The investigating committee called on 37 witnesses in a 22-day public hearing. The attack is believed to be state-sponsored and committed by experienced criminal hackers.

The Singapore government disclosed the cyberattack in June last year. It exposed the personal data of 1.5 million SingHealth patients and the outpatient prescription information of 160,000 people. The country’s prime minister was not spared from the attack.

The attack was so severe that it prompted IHiS to fire employees who were found to have neglected their duties. The chief executive and some members of the senior management team were given hefty fines.

SingHealth took responsibility for the incident.

The government has ramped up its cybersecurity solutions and accepted the COI's recommendations. These may include “increased automation of the roll-out of software patches, and audits and drills will be intensified. Internet surfing separation and the use of a virtual browser are also in the works for the healthcare sector,” according to the report of The Straits Times.

The government acknowledged that this will not be the last time it is targeted and is looking at more long-term solutions, such as a tiered model for internet access that will identify which specific jobs need access to the internet. It is also considering managed use of the web through separate devices, without having to connect to the internet.

Image by Sasin Tipchai/Pixabay
