Saturday, 21 July 2018

Data Theft at SingHealth

Sometime yesterday evening, Singapore was the recipient of unwelcome news. Suspicious server activity had been detected about two weeks ago on 4th July, with the personal and medical records of roughly 1.5 million people in SingHealth's database stolen. That's right; while Americans were celebrating their Independance Day, Singapore was experiencing the most serious breach of data security in her history.


What this means for you, is that if you had visited any Polyclinic or Government Hospital / Medical Facility as a patient recently (say, in the past few years), there's a chance that your personal and medical records are in someone else's grubby little hands now. My mother and some of my colleagues have already reported receiving an SMS from from SingHealth informing them of such.

According to Prime Minister Lee Hsien Loong yesterday, his own medical data had also been targetted "specifically and repeatedly". This basically implies that it was a deliberate attack and not something your neighborhood kiddy script user would do on a lark.

The Good News

Records were accessed, but not doctored (pun intended). Your ongoing treatments and billing aren't affected. (Though if your treatment is remarkably expensive, you may not consider this good news.)

Since kicking the cyberattacker out of the system on Jul 4, further attacks were observed but no further data were illegally stolen, the ministries said, adding there was no disruption of healthcare services during the period of the cyberattack and patient care has not been compromised.

The above was reported by ChannelNewsAsia. Shit standard of English aside, (what the holy fuck does "illegally stolen" mean? As opposed to what? Having it stolen legally? Get lost, you knobs.), the Government isn't simply sweeping this incident under the carpet and hoping no one will notice, and is taking this seriously.

The Bad News

Your personal records such as name, NRIC and residential addresses were stolen. If there are any online systems out there that merely require a name and NRIC for registration, you may or may not find yourself the victim of identity theft. If you have the particularly bad habit of using your NRIC number as your email password, now would be a great time to change it.

Phishing attacks are also a distinct possibility with the data stolen. Think someone sending you requests for more data using the stolen data of someone you may know and trust... the possibilities are endless. In particular, imagine someone asking for some information about your bank account, and being armed with details like your NRIC, date of birth and telephone number.

What does this mean for Singapore?

From the perspective of being attacked, this is but a drop in the ocean. Not to trivialize the event, but Government agencies all over the world get cyber-attacked constantly and Singapore is no exception. Something was bound to get through eventually. The important thing is to be able to respond and recover swiftly. The world isn't going to end tomorrow just because of this. The average man in the street shouldn't be too worried, though people in the departments of our Government's cyber-security certainly should be.

Be vigilant, paranoid even, and don't make the mistake of thinking something is safe simply because it's stored by the Government. That's one of the first places they attack.

From the perspective of being successfully attacked, it's time to think of what would happen if the attackers had gone for, say, our military database instead. You can't take anything for granted these days, and this latest incident is testament to that.

Stay healthy,
T___T

No comments:

Post a Comment