[BreachExchange] Singapore public healthcare sector limits internet use

[Destry Winant]

https://www.computerweekly.com/news/252445405/Singapore-public-healthcare-sector-limits-internet-use

The move is part of containment and monitoring measures implemented to
further protect patient data against emerging forms of cyber threats.

Other measures that have since been put in place include additional
controls on workstations and servers, reset of user and systems
accounts, and installation of additional system monitoring controls on
IT systems.

On 20 July 2018, the Singapore government revealed that about 1.5
million patients who visited SingHealth’s specialist outpatient
clinics and polyclinics from 1 May 2015 to 4 July 2018 have had their
non-medical personal particulars illegally accessed and copied in a
deliberate, targeted and well-planned cyber attack.

The data taken included names, national identity card numbers,
addresses and dates of birth. Information on the outpatient dispensed
medicines of about 160,000 patients was also exfiltrated through an
initial breach on a front-end workstation.

The Ministry of Health (MOH) said the decision to impose what it calls
internet surfing separation (ISS) will strengthen public healthcare IT
systems against evolving cyber security threats, and more importantly,
to safeguard the confidentiality of patient data.

“We would like to assure all patients that their safety and care are
our priority, and we will work to ensure that these are not
compromised as a result of the implementation of ISS and various
security measures,” it said.

Singapore’s public healthcare institutions currently rely on the
internet to deliver some healthcare services. These include reading of
diagnostic reports from laboratories, submission and retrieval of
results from screening databases, birth and death registration,
referrals, video consultation, as well as payment and claims
processing.

MOH said patients may experience longer waiting time for consultations
and to receive their test results, as well as delays in checking their
MediSave medical savings accounts or making their claims.

“The technical teams are also on the ground to address issues that
have arisen. Interim alternatives are being deployed to departments
requiring internet access, including separate shared workstations for
connection to the internet where needed for the staff’s work,” it
added.

Sid Deshpande, research director at Gartner, stressed the importance
of having “defence in depth”, or security controls at various layers
of technology infrastructure in mitigating similar cyber threats.

“An equal emphasis needs to be applied on application security,
endpoint security, data security, web/e-mail security and
identity/access management to prevent or reduce the number of security
incidents. Preventative approaches need to be supplemented with good
detection and response capabilities.

“Attackers usually intend to stay dormant in systems to avoid
detection and cause further damage, so the fact that the breach was
detected this early actually shows that the security teams in this
case were actively monitoring systems to detect incidents,” he added.

Sid Deshpande, research director at Gartner, stressed the importance
of having “defence in depth”, or security controls at various layers
of technology infrastructure in mitigating similar cyber threats.

“An equal emphasis needs to be applied on application security,
endpoint security, data security, web/e-mail security and
identity/access management to prevent or reduce the number of security
incidents. Preventative approaches need to be supplemented with good
detection and response capabilities.

“Attackers usually intend to stay dormant in systems to avoid
detection and cause further damage, so the fact that the breach was
detected this early actually shows that the security teams in this
case were actively monitoring systems to detect incidents,” he added.