• About
  • Advertise
  • Testimonials
  • Contact
Sunday, 8 December, 2019
No Result
View All Result
OpenGov Asia
SUBSCRIBE
  • Academy
  • Channels
    • Augmented Intelligence
    • Big Data
    • Cloud
    • Cyber Resilience
    • Digital Economy
    • Digital Transformation
    • Education
    • FSI Fintech
    • Healthcare
    • IoT
    • Mobility
    • Open Data
    • Public Safety
    • Smart Cities
    • All
  • Countries
    • Australia
    • China
    • Hong Kong
    • India
    • Indonesia
    • Malaysia
    • New Zealand
    • Philippines
    • Singapore
    • Taiwan
    • Thailand
    • Vietnam
    • Global
  • Events
    • Upcoming Events
    • Past Events
  • Expert Opinions
  • Awards
  • White Papers
  • Academy
  • Channels
    • Augmented Intelligence
    • Big Data
    • Cloud
    • Cyber Resilience
    • Digital Economy
    • Digital Transformation
    • Education
    • FSI Fintech
    • Healthcare
    • IoT
    • Mobility
    • Open Data
    • Public Safety
    • Smart Cities
    • All
  • Countries
    • Australia
    • China
    • Hong Kong
    • India
    • Indonesia
    • Malaysia
    • New Zealand
    • Philippines
    • Singapore
    • Taiwan
    • Thailand
    • Vietnam
    • Global
  • Events
    • Upcoming Events
    • Past Events
  • Expert Opinions
  • Awards
  • White Papers
No Result
View All Result
OpenGov Asia
No Result
View All Result
Home Cyber Resilience

SingHealth cyberattack caused by combination of personnel and system errors

SingHealth cyberattack report finds gaps in cyber security awareness and weaknesses in network infrastructure.

by Mohit Sagar
11 January, 2019
in Cyber Resilience, Digital Transformation, Healthcare, News, Public Safety, Singapore
SingHealth cyberattack caused by combination of personnel and system errors

Credit https://www.sgh.com.sg/ and https://www.todayonline.com/singapore

242
SHARES
1.2k
VIEWS
Share on LinkedInShare on Twitter

A committee of Inquiry (COI) was set up last July to investigate the events and contributing factors that lead to Singapore’s worst ever cyberattack. It was set up shortly after the Ministry of Health announced that almost 1.5m SingHealth patient records had been compromised including that of Prime Minister Lee Hsien Loong.

The aim of the committee was not only to look at events leading up to the attack, but to establish how IHiS and SingHealth responded. They were tasked with making recommendations to reduce the risk of such attacks on government systems containing large volumes of personal data.

Their findings were passed to Mr Iswaran, Minister in charge of Cybersecurity on New Year’s Eve, and then published yesterday (Thursday 10 January).

It was established the attacker first accessed SingHealths IT network in August 2017, and then moved through the network between December 2017 and June 2018. The cyber attack was first noticed in June 2018 by IHiS IT administrators after unauthorised logins and failed attempts to access the Sunrise Clinical Manager (SCM) database, they thought these attempts had been terminated but they did not realise the hacker had access and had already began exfiltrating patient data.

Unusual activity was also noticed on July 4, but it wasn’t until July 9 that the appropriate management and departments were notified. Investigations into this breach then began on July 10. A public announcement was made on July 20.

Lack of Cybersecurity awareness

Although the suspicious activity had been noticed, the report stated that the seriousness of these incidents was not realised by personnel who also ‘were not familiar with IT security policy and the need to escalate to the CSA.’ Key staff in key roles in IT security response and reporting failed to take timely and appropriate action resulting in missed opportunities to prevent the data breach.

Weaknesses in the SingHealth Network and Sunrise Clinical Manager (SCM) System

The report found that an open network connection between Citrix SGH servers and SCM database was a weakness that allowed the hacker make queries on the database. It also found that servers were not secured well enough against unauthorised access. In early 2017, vulnerabilities in the network had been identified, but the committee discovered that these had not been resolved before the attack which may have been exploited by the attacker.

Recommendations to prevent future public sector cyber attacks

The committee made 16 recommendations of which 7 are priority recommendations to improve incident response plans for similar attacks and suggestions to better protect the SingHealth system and protect other government databases containing large amounts of personal data.

Their first was the IHiS & public health institutions must adopt an enhanced security structure. Systems should be reviewed to ensure it is able to defend and respond to advanced threats, staff knowledge on cybersecurity should be improved. They also recommended that enhanced security checks should be performed on systems with tighter controls on administrator accounts as well as incident response processes to be improved. Collaboration between industry and government was advised to achieve a higher level of collective security.

The report stated that the recommendations outlined should take priority and that they should be given the resources and attention for their implementation. It was advised that this should come from senior management in order to set organisational mindset and culture.

The report noted that ‘these imperatives apply equally to all organisations responsible for large databases of personal data. We must recognise that cybersecurity threats are here to stay, and will increase in sophistication, intensity and scale. Collectively, these organisations must do their part in protecting Singapore’s cyberspace and must be resolute in implementing these recommendations.’

Mr Iswaran and Health Minister Gan Kim Yong will address the report on 14 January during Parliament in ministerial statements. More learning to come shortly…

To read full report click here

Next Post
Innovative tech to protect Indonesian female migrant workers abroad

Innovative tech to protect Indonesian female migrant workers abroad

Comments 1

  1. Pingback: UOB report identifies areas of expected expenditure for 2019 budget | OpenGov Asia

Recommended

New tech under Singapore’s Home Team Science and Technology Agency

New tech under Singapore’s Home Team Science and Technology Agency

4 days ago
Singapore to have its first brain bank

Singapore to have its first brain bank

6 days ago
Screening tech to boost early detection of Parkinson’s disease

Screening tech to boost early detection of Parkinson’s disease

5 days ago
Malaysian workers digital knowledge key for 2020

Malaysian workers digital knowledge key for 2020

4 days ago

Popular News

  • Police clearance applicants in the Philippines can pay online through Land Bank's e-payment channel

    Police clearance applicants in the Philippines can pay online through Land Bank’s e-payment channel

    883 shares
    Share 353 Tweet 221
  • Exclusive: ABN AMRO staying ahead of the game

    111 shares
    Share 44 Tweet 28
  • The current state of cyber security in India

    1415 shares
    Share 575 Tweet 350
  • Thailand Drafts Ethics Guidelines for AI

    161 shares
    Share 79 Tweet 34

Channels

  • Augmented Intelligence
  • Big Data
  • Cloud
  • Cyber Resilience
  • Digital Economy
  • Digital Transformation
  • Education
  • FSI Fintech
  • Healthcare
  • IoT
  • Mobility
  • Open Data
  • Public Safety
  • Smart Cities
  • All

Newsletter

OpenGov releases new digital content daily on trending topics within technology and the public sector. Join our newsletter to have weekly digests of our content conveniently sent to your email address.

 SUBSCRIBE

OpenGov Asia

  • About
  • Testimonials
  • Advertise
  • Career
  • Cookies Policy
  • Privacy Policy
  • Contact

About Us

OpenGov is a content platform, dedicated to sharing ICT-related knowledge and information between governments. We focus on the public sector in the Asia-Pacific region. We help governments become more Efficient, Agile, Transparent and Secure, so as to improve the lives of their citizens.

  • About
  • Testimonials
  • Advertise
  • Career
  • Cookies Policy
  • Privacy Policy
  • Contact

© 2019 OpenGov Asia - CIO Network Pte Ltd.

No Result
View All Result
  • Academy
  • Channels
    • Augmented Intelligence
    • Big Data
    • Cloud
    • Cyber Resilience
    • Digital Economy
    • Digital Transformation
    • Education
    • FSI Fintech
    • Healthcare
    • IoT
    • Mobility
    • Open Data
    • Public Safety
    • Smart Cities
    • All
  • Countries
    • Australia
    • China
    • Hong Kong
    • India
    • Indonesia
    • Malaysia
    • New Zealand
    • Philippines
    • Singapore
    • Taiwan
    • Thailand
    • Vietnam
    • Global
  • Events
    • Upcoming Events
    • Past Events
  • Expert Opinions
  • Awards
  • White Papers

© 2019 OpenGov Asia - CIO Network Pte Ltd.

This website uses cookies to improve your experience. By using this site, you agree to our Privacy Policy. Accept Reject