Singapore's healthcare hack has been the recent talk of the town. Officials have stated that over 1.5 million records have been stolen from the government healthcare database.
The Government of Singapore has recently released that the hack on SingHealth was one of the biggest and sophisticated cybersecurity breaches that has happened to them over the last few years. This was sighted as a deliberate, targeted and well-planned attack. According to sources, the data acquired by hackers included names and addresses but not medical records, other than medicines dispensed in some cases.
This is a clear indication of violation of the PDPA act that Singapore recently launched. This act holds the entity hacked, accountable for non-adequate measures of protection for personal data.
Singapore is a country that prides itself on some of the most secure infrastructures in the world, be it hardware or software. This attack comes alerting other countries in the world that even the most secure walls of security can be brought down.
Personal data hacked are usually used for identity theft after which it is sold in the black markets of the internet. People who acquire this data use it for identity theft or even for marketing purposes. There are also other endless possibilities of dangers that the end consumers in these databases face like:
#1. Medical impersonation: By impersonating the affected patient, hackers can purchase and resell controlled medical equipment and drugs, or even file fictitious insurance claims based on the patient’s medical records
#2. Identity verification: Hackers can verify and authenticate business email addresses and personal bank accounts, and perform actions “on behalf of” the affected patient
#3. Spear phishing: Using such information, hackers can phish the affected patient for sensitive data.
On the bright side (so to say), the government reported that no data has been tampered with or modified. Other than the personal information of about 1.5 million records stolen, there was no evidence of other stolen or tampered records of diagnosis, test results, doctor notes or other such medical records.
The Prime Minister, however, was found to be a repeated target of the hackers. Investigations revealed that the hackers were trying to get a hold of all his information. Reports suggest that hackers got a hold of his outpatient records for what reason, no one really knows.
A summary of the system breach
According to the Government, this hack was executed between the 27th of June leading into the 4th of July. After investigations, it appears that computers belonging to SingHealth were infected with malware which is how the hackers got access to their database.
All staff from SingHealth have been reported banned from using the internet on their computers until further investigations are done. This is done to plug any leaks from the work emails and shared documents as well as guarding against other possible attacks. Other healthcare institutions have been advised to do the same.
Why healthcare industries?
Hackers do not discriminate between industries.. There are multiple reasons as to why hackers hack. Although no reason is a good enough one to hack an industry like the medical industry, hackers are at the core of industries that they perceive as most vulnerable.
A recent Washington Post story says healthcare organizations are juicy targets because they have a vast amount of personal information that can be used for fraud -- contact names, social security numbers, payment and health insurance information, and more. This data is sold by hackers on a black market in the dark web.
Ransomware is plaguing hospitals -- and it poses a special challenge for healthcare IT workers.
According to Eric Hoh, the Asia Pacific President of security company FireEye, healthcare records are often targetted because they contain valuable information to governments.
We’ve been prophesying similar events such as these at Appknox. We’ve been writing about security with a focus on healthcare hacks and the dangers it poses to consumers and businesses. It goes beyond just closing a sales deal. We see the desperate need for upgraded real-time security in all business, not just healthcare. If you aren’t doing it to protect the reputation of your business, do it to protect the data of innocent people falling in the hands of the wrong people.
What can you do?
Cybersecurity isn't something that can be eradicated with a magic solution. It's an ongoing cycle that poses constant threats every day. The key to a safer professional environment is education and awareness. Ensure your staff, in this case, doctors and their assistants at the hospital are equipped with the basic knowledge of safe handling of emails or documents connected with the internet. It may seem irrelevant but you will be surprised what a long way it goes into helping keep your entity secure.
If you’re a business who realizes this need, we’re happy to help. Get in touch with Appknox to learn more and we’d love to help you set up a cybersecurity strategy that will be sustainable and ensure you are protected from the worst outcomes an attack could possibly bring to you.