Lessons from Singapore’s massive Healthcare Hack
- The Committee of Inquiry (COI) formed by the Singapore Government released a public report documenting a detailed analysis of the massive hack.
- The report highlights the need for introducing information security standards, adequate staff training, and improvement in incident response strategy.
The Singapore Government on Thursday released a public report which contained a detailed analysis of the large cyber attack that happened back in August 2017.
In the attack, the patient database of Singapore Health Services Private Limited (SingHealth) was accessed illegally. Private information related to around 1.5 million patients, including the Prime Minister of Singapore, was stolen by the attackers.
Post this year-long investigation, a report published by Committee of Enquiry(COI) had many insights worth learning from.
Key Findings and Recommendations
In the report, the committee mentioned the loopholes found in the patient information system division of SingHealth called Integrated Health Information Systems (IHiS).
Some of the key findings were as follows.
- The IHiS staff was inadequately trained on cybersecurity measures to prevent data breaches.
- The IT teams failed in taking quick and efficient actions after the hack
- The information systems of the healthcare department has existing vulnerabilities.
- The attackers involved in the hack resemble an APT group as per the investigation.
A total of sixteen recommendations were made with seven being labeled as ‘Priority Recommendations’ and nine under ‘Additional Recommendations’. The former part focused on having a rigid cybersecurity structure in both SingHealth and IHiS, while the latter pertained to various concerns such as technical improvements, organizational processes, staff training, and other process-related issues.
The report also mentions actions taken by the IHiS post the hack. A few of them include implementation of Client Advanced Threat Protection (ATP), introducing Information Security standards (ISS), improving organizational processes, and focusing on increased cyber situational awareness. Altogether, IHiS has taken several steps to reinforce their entire ecosystem after the breach.