SingHealth Patient Records at the Wake of Data Breach
With 1.5 million patient records breached including the health record of the Prime Minister, Lee Hsien Loong himself, Singapore is trying to recover from the biggest data breach of their healthcare industry. SingHealth is the largest healthcare firm in the city-state employing around 12,000 medical professionals was the target of June 27 to July 4 Cyber attack. In the wake of the security breach, Prime Minister Lee has expressed his desire for the attackers to be identified and captured in the name of the victims. The patients are now under the stress of becoming victims of identity theft in the near future.“This will be a ceaseless effort, Those trying to break into our data systems are extremely skilled and determined. They have huge resources and never give up trying. If we discover a breach, we must promptly put it right, improve our systems and inform the people affected,” PM Lee said.
Non-medical data involved in the breach were:
This also includes medicine prescription records of 160,000 patients, including the Prime Minister’s. “The attackers targeted my own medication data, specifically and repeatedly. I don’t know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me. If so, they would have been disappointed. My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it. When SingHealth digitised its medical records, they asked me whether to computerise my own personal records too or to keep mine in hardcopy for security reasons. I asked to be included. Going digital would enable my doctors to treat me more effectively and in a timely manner. I was confident that SingHealth would do their best to protect my patient information, just as it did for all their other patients in the database,” PM Lee concluded.
As per Singapore law, under CyberSecurity Act will take effect, as it covers all the issues about cyber attacks, hacking and phishing. A special provision with the law that is poised for the healthcare industry, as it is defined as an essential service.
“We are watching to see if anything appears on the Internet both in the open and in some of the less well-known websites. But considering the type of data that’s been exfiltrated, it is – from our professional experience – unlikely that these will appear, because there is no strong commercial value to these types of data. These occurrences have happened even in some of the most secure systems around the world. So I think we have to keep the incident in perspective and then allow due process to take its course,” said David Koh, chief executive of CSA.
How much is the damage inflicted overall? Well, if we can trust Forbes each medical record can go as high as $1,000 USD each on the black market. Patients are advised to be alert, as the data breach increased their chance to become a victim of identity theft.
Non-medical data involved in the breach were:
- Date of Birth
- Gender
- Race
- Address
- NRIC number
- Fullname
This also includes medicine prescription records of 160,000 patients, including the Prime Minister’s. “The attackers targeted my own medication data, specifically and repeatedly. I don’t know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me. If so, they would have been disappointed. My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it. When SingHealth digitised its medical records, they asked me whether to computerise my own personal records too or to keep mine in hardcopy for security reasons. I asked to be included. Going digital would enable my doctors to treat me more effectively and in a timely manner. I was confident that SingHealth would do their best to protect my patient information, just as it did for all their other patients in the database,” PM Lee concluded.
As per Singapore law, under CyberSecurity Act will take effect, as it covers all the issues about cyber attacks, hacking and phishing. A special provision with the law that is poised for the healthcare industry, as it is defined as an essential service.
“We are watching to see if anything appears on the Internet both in the open and in some of the less well-known websites. But considering the type of data that’s been exfiltrated, it is – from our professional experience – unlikely that these will appear, because there is no strong commercial value to these types of data. These occurrences have happened even in some of the most secure systems around the world. So I think we have to keep the incident in perspective and then allow due process to take its course,” said David Koh, chief executive of CSA.
How much is the damage inflicted overall? Well, if we can trust Forbes each medical record can go as high as $1,000 USD each on the black market. Patients are advised to be alert, as the data breach increased their chance to become a victim of identity theft.
Post a Comment