The investigation into cyber-attack on SingHealth database which affected around 1.5 million people, including Singapore’s Prime Minister Lee Hsien Loong, revealed that the incident occurred due to lack of basic security, employee training, and other flaws. The investigation committee which was formed shortly after the breach stated the breach went on about for a year between August 2017 and July 2018.
The report also highlighted the failures of the Integrated Health Information System (IHIS) and the IT agency responsible for the public health system’s security for not having adequate cybersecurity awareness, resources, and training to respond to cyber-attacks. The committee also stated that most of the United States health organizations still fail to educate their employees, apply patches, and follow basic security methods.
“There were a number of vulnerabilities, weaknesses, and misconfigurations in the SingHealth network and SCM system that contributed to the attacker’s success in obtaining and exfiltrating the data, many of which could have been remedied before the attack,” the report stated.
“The attacker had a clear goal in mind, namely the personal and outpatient medication data of the Prime Minister in the main, and also that of other patients. The attacker employed advanced TTPs, as seen from the suite of advanced, customized, and stealthy malware used, generally stealthy movements, and its ability to find and exploit various vulnerabilities in SingHealth’s IT network and the SCM application,” the report added.
On July 4, 2018, the security officials at SingHealth detected and stopped an unusual activity that occurred between June 27, 2018 and July 04, 2018. The hackers allegedly compromised more than 1.5 million patients’ personal information. Singapore’s Prime Minister Lee Hsien Loong’s personal particulars and outpatient medication data were also exposed in the breach. The Singapore government disconnected computers from the internet at public healthcare centers and set up a four-member Committee of Inquiry (COI) to investigate the incident.