The Singapore healthcare hack - Cyber Site
Cyber Site

The Singapore healthcare hack

The recent cyber attack against the Singapore healthcare system, carried out between June 27 to July 4, carries an eminent warning for healthcare providers the world over.

The attack against Singapore’s largest healthcare provider, SingHealth, now believed to have been perpetrated by nation state actors, compromised the medical files of over 1.5 million Singaporeans, including the outpatient details of some 160,000 patients.

With Singapore’s Prime Minister, Lee Hsien Loong, admitting his personal concern about the compromise of his own personal data in this attack, one cannot discount the severity of the breach. While the data exposed did not by all accounts include actual medical information, it did include patients’ names, addresses, dates of birth, genders, race, and national registry numbers; such information is certainly enough to be of value to criminal enterprises if sold on marketplaces on the Dark Web.

Following the nationwide compromise of Britain’s own NHS with the WannaCry ransomware attack in 2017, this incident in Singapore serves to highlight the dangers that healthcare providers now face in cyberspace. Cyber security is no longer an optional extra, a luxury to be indulged in times of budgetary comfort, but should instead be seen as vital to business survival.

What has also become clear in the past 18 months worldwide is that healthcare is not sacrosanct, it is considered not only a viable but indeed a lucrative target for cyber criminal enterprises. The time old presumption from healthcare professionals that nobody would consider attacking a benevolent professional must be cast aside, as real world events most assuredly disprove this notion.

With the scale of damage seen against the NHS, and thinking of the regulatory fines that would be levied against any European-based healthcare provider under GDPR were a Singapore type incident to occur closer to home shores, it is clear that serious consideration must be given both to preventative cyber security training and cyber insurance.

Cyber security training will go far in helping organisations to avoid being subject to the vast majority of attacks, helping to mitigate if not prevent incidents like data breaches and ransomware that are particularly prevalent. Cyber insurance meanwhile, will help cash strapped organisations cover their costs should they fall victim to acts of cyber crime. With the costs of incident response, operational damage, and potential fines as well as legal cases to cover, cyber insurance should be seen every bit as essential as other types of insurance.

Read more news

Go back