The SingHealth cyberattack: what you need to know



[ad_1]

SINGAPORE: Personal information of 1.5 million people was stolen in a cyberattack in the SingHealth database, in what the authorities described as the "most serious personal data breach" in the world. history of Singapore

. the attack also targeted "specifically and repeatedly" the personal data of Prime Minister Lee Hsien Loong and data on outpatient drugs

Confidential records belonging to the 1.5 million patients, including their names, NRIC numbers and addresses, were illegally consulted. copy. Of this group, 160,000 also stole their distributed drug records.

Here's What You Need to Know:

1) Chronology

On July 4, administrators detected an unusual activity on one of SingHealth's computer databases and "act immediately" to stop the activity. The investigations continued, they put in place additional precautions for cyber security

Six days later, investigations confirmed that it was a matter of fact. a cyberattack and the Ministry of Health, Singapore's SingHealth and Cyber ​​Security Agency (CSA) informed. It was determined that data was stolen from June 27 to July 4.

SingHealth filed a police report on July 12th.

2) How did this happen?

It was determined that the attackers accessed the SingHealth computer system through an initial breach on a front-end workstation.

They then managed to obtain privileged account identification information to access the database.

3) Who is concerned?

If you have visited one of SingHealth's specialized external or polyclinic clinics between May 1, 2015 and July 4, 2018, chances are that this will be affected.

Over the next five days, SingHealth will send a message 1.5 million affected patients and inform them if their records have been stolen. Those who do not have a registered cell number will receive a letter in the next week.

Patients can also access this URL to check if their data has been compromised.

4) What to do if you are affected?

Health Minister Gan Kim Yong said people should look for "anomalies" and "unusual activities" in their emails and transactions. If something does not seem right, contact the authorities immediately.

People whose medical records have been stolen will also receive a phone number to call.

5) Should you be worried?

In short, not really, said the authorities. CSA Executive Director David Koh said the stolen information was "basic demographics".

"We are watching to see if something appears on the Internet both on the Internet and at some less well-known sites." But given the type of data that has been leaked, it is – from our professional experience – unlikely They appear, because there is no high commercial value for these types of data. data. "

The Minister of Communication and Information, S Iswaran, said that violations of this magnitude are not uncommon in other countries, for example the National Health Service of the United Kingdom. United has already been hacked.

"These events have occurred even in some of the safest systems in the world," he added. "So I think we need to keep the incident in perspective and then let the process take its course. "

5) What is the extent of piracy?

Critical patient records, such as diagnosis, test results, or notes of doctor have not been stolen.No stolen data has been published either in the public domain.

There is also no evidence of a similar violation in other government public health and computer systems

6) And after? [19459009[19659002] In addition to police investigations, an investigative commission will be set up to establish the events and contributing factors leading to the attack and response to the incident. The committee will also make recommendations on improvements.

Authorities will also conduct a "thorough review" of the public health system with the help of third-party experts to improve the prevention, detection and response to cyber attacks. CSA will work closely with key sectors such as banking and finance to improve the security of their critical information infrastructure systems.

7) Who is responsible for l & # 39; attack?

Channel NewsAsia understands that the authorities know who could be behind the attack. Some countries in the world have shown this level of sophistication in cyberattacks.

Mr. Koh is excused saying: "We are not able to reveal more for operational security reasons".

[ad_2]
Source link