[BreachExchange] Singapore imposes $740, 000 fines over major cyber attack

Destry Winant destry at riskbasedsecurity.com
Tue Jan 15 18:27:20 EST 2019


https://www.nst.com.my/world/2019/01/450833/singapore-imposes-740000-fines-over-major-cyber-attack

Singapore’s privacy watchdog Tuesday imposed fines of Sg$1 million
($740,000) on a healthcare provider and an IT agency over a
cyber-attack that saw health records of about quarter of the
population stolen.

In the city-state’s biggest ever data breach, hackers last year gained
access to a government database and made off with the records of 1.5
million people, with Prime Minister Lee Hsien Loong among those
targeted.

An official inquiry last week highlighted a litany of failings,
including weaknesses in computer systems and inadequate staff training
and resources, and said authorities believe a state was likely behind
the attack.

The official Personal Data Protection Commission announced it was
fining Integrated Health Information Systems, which runs the IT
systems for Singapore’s public healthcare sector, Sg$750,000.

SingHealth, a healthcare provider which groups some public hospitals
and clinics, was hit with a Sg$250,000 fine.

The commission said the organisations had failed to “make reasonable
security arrangements to protect personal data of individuals.”

The stolen information was “highly sensitive and confidential personal
data,” it said.

“It is not difficult to imagine the potential embarrassment that a
patient may suffer if such sensitive information about the patient and
the patient’s health concerns were made known to all and sundry.”

Officials have not disclosed which state they believe was behind the
breach, which occurred between June 27 and July 4. The compromised
data included personal information and medication dispensed to
patients.

Analysts say that Russia – which is accused of meddling in the US
presidential election – China, Iran and North Korea are believed to
have the capability to carry out such attacks.

Wealthy Singapore is hyper-connected and on a drive to digitise
government records and essential services. But the government says it
fends off thousands of cyber-attacks every day and has long warned of
breaches by actors as varied as high-school students in their
basements to nation states. -- AFP


More information about the BreachExchange mailing list