2025-09-16 at 1:25 pm #50547
Soe Wai Yan
Participant

Brief Description of the Story
In July 2018, Singapore’s largest healthcare group, SingHealth, suffered the nation’s most serious cyberattack to date. The attackers stole the personal data of 1.5 million patients, including names, national registration identity card (NRIC) numbers, addresses and dates of birth. For 160,000 patients, outpatient prescription records were also accessed. The breach was deliberate, targeted and sophisticated; even the Prime Minister’s medical records were compromised.
Source: https://www.moh.gov.sg/newsroom/singhealth’s-it-system-target-of-cyberattack

Impact and Consequences
The breach had far-reaching consequences for individuals, the healthcare sector and national security:
- Patient Privacy Violation – Exposure of sensitive personal and partial medical data created risks of identity theft, fraud, and social engineering attacks.
- Loss of Public Trust – Confidence in the security of Singapore’s healthcare IT systems was significantly eroded.
- National Security Implications – The targeting of high-profile individuals suggested possible state-sponsored espionage.
- Financial and Operational Costs –
  a. Integrated Health Information Systems (IHiS) was fined SGD 1 million.
  b. Significant resources were spent on forensic investigations, system upgrades and patient notifications.
- Policy Reform – Triggered a nationwide review of cybersecurity measures in public healthcare institutions.

How the Data Breach Occurred
The committee of inquiry (COI) investigation revealed a multi-stage attack:
1. Initial Compromise – Likely began in August 2017 via a phishing email, leading to malware infection on a front-end workstation.
2. Credential Theft & Privilege Escalation – Attackers obtained administrator credentials.
3. Lateral Movement – Exploited weak network segmentation to move from the compromised workstation to Citrix servers.
4. Database Access – Gained entry to the Sunrise Clinical Manager (SCM) database containing patient records.
5. Data Exfiltration – Between 27 June and 4 July 2018, attackers ran repeated queries to extract personal and prescription data.
6. Delayed Escalation – Suspicious activity was detected on 4 July but only escalated to senior management on 9 July, prolonging exposure.

Main Cause of the Data Breach
Primary Cause: Phishing attack combined with human lapses in incident response.
1. Phishing – A malicious email tricked a staff member into enabling malware installation.
2. Security Culture Gaps – Alerts were not promptly escalated, and some staff underestimated the severity of early warning signs.
3. Technical Weaknesses – Poor network segmentation and insufficient real-time monitoring allowed attackers to move freely within the system.

How to Prevent This Type of Attack
1. Technical Measures
- Multi-factor authentication for all privileged accounts.
- Network segmentation to isolate critical databases from general user systems.
- Advanced threat detection with automated alerts and rapid containment protocols.
2. Organizational Measures
- Cybersecurity awareness training to help staff identify phishing attempts.
- Clear incident escalation protocols to ensure rapid reporting to senior management.
- Routine security audits and testing to identify and fix vulnerabilities.
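Two of the points above, the exfiltration by repeated bulk queries against the SCM database and the alert that sat from 4 July until 9 July before reaching senior management, can be demonstrated with a small detector. This is an added example, not code from the original post, from IHiS or from the COI report; the audit-log format, the account and host names, and the thresholds (5,000 rows per query, three bulk queries within 15 minutes, a 24-hour escalation SLA) are all constructed assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of database audit-log lines (invented for this example,
# not real SingHealth data). Fields: timestamp, account, source host, rows returned.
AUDIT_LOG = """\
2018-06-27T02:14:05 svc_report ws-frontend-17 12000
2018-06-27T02:16:40 svc_report ws-frontend-17 15000
2018-06-27T02:19:02 svc_report ws-frontend-17 14000
2018-06-27T02:21:55 svc_report ws-frontend-17 13000
2018-06-27T09:05:00 dr_lim citrix-app-03 1
2018-06-27T09:06:30 dr_lim citrix-app-03 1
2018-06-27T09:30:12 nurse_tan citrix-app-04 3
"""

# Assumed thresholds; a real deployment would tune them to the system's baseline.
ROW_THRESHOLD = 5000                  # more rows than any single clinical lookup returns
BURST_COUNT = 3                       # this many bulk queries ...
BURST_WINDOW = timedelta(minutes=15)  # ... inside this window raises an alert
ESCALATION_SLA = timedelta(hours=24)  # how long an alert may sit before reaching management


def parse_audit_log(text):
    """Turn the whitespace-separated log into (timestamp, account, host, rows) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, host, rows = line.split()
        events.append((datetime.fromisoformat(ts), account, host, int(rows)))
    return events


def detect_bulk_query_bursts(events):
    """Alert when one account issues BURST_COUNT or more bulk queries within BURST_WINDOW.

    A sliding window per account keeps only the bulk queries that fall inside
    BURST_WINDOW of the newest one; the alert fires the moment the window first
    reaches BURST_COUNT entries, so a long exfiltration run produces one alert.
    """
    alerts = []
    windows = defaultdict(list)
    for ts, account, host, rows in sorted(events):
        if rows < ROW_THRESHOLD:
            continue                                  # ordinary single-patient lookup
        window = windows[account]
        window.append((ts, host, rows))
        while window and ts - window[0][0] > BURST_WINDOW:
            window.pop(0)                             # expire queries older than the window
        if len(window) == BURST_COUNT:
            alerts.append({
                "account": account,
                "hosts": sorted({h for _, h, _ in window}),
                "first_seen": window[0][0],
                "last_seen": ts,
                "total_rows": sum(r for _, _, r in window),
            })
    return alerts


def escalation_overdue(detected_at, escalated_at, sla=ESCALATION_SLA):
    """True when an alert took longer than the SLA to reach senior management.

    Accepts datetimes or ISO-8601 strings.
    """
    if isinstance(detected_at, str):
        detected_at = datetime.fromisoformat(detected_at)
    if isinstance(escalated_at, str):
        escalated_at = datetime.fromisoformat(escalated_at)
    return escalated_at - detected_at > sla


if __name__ == "__main__":
    for alert in detect_bulk_query_bursts(parse_audit_log(AUDIT_LOG)):
        print("ALERT bulk-query burst:", alert)
    # The COI timeline given in the post: detected 4 July, escalated 9 July.
    print("escalation overdue:", escalation_overdue("2018-07-04", "2018-07-09"))
```

The alert record carries the source hosts deliberately: a service account pulling tens of thousands of rows from a front-end workstation rather than an application server is exactly the kind of context an analyst needs to escalate quickly, and the SLA check turns the "clear incident escalation protocol" item into something that can be measured rather than hoped for.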
2025-09-16 at 10:58 pm #50561
Than Htike Aung
Participant

Although the first step of a phishing attack is generally reduced by cybersecurity awareness training, the main problem is the lack of a proper access control policy. Because of it, once the attacker got inside the company circle, it could access other resources regardless of its account’s role. Proper access control policies and strictly following the “Trust No One” rule for all security measures can prevent or reduce the damage of an attack if it happened.
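The access-control point made in this reply can be shown as a deny-by-default policy check that verifies the account's role, the network segment the request comes from, and multi-factor authentication on every request, so that a stolen administrator credential used from a front-end workstation is refused even though the account is "inside". This is an added example, not code from the poster, from SingHealth or from IHiS; the roles, network segments, resource names and the policy rules are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    account: str
    role: str            # role bound to the account by the identity system, not asserted by the caller
    source_segment: str  # network segment the request arrives from
    mfa_verified: bool   # whether this session completed multi-factor authentication
    resource: str
    action: str


# Constructed policy with hypothetical roles, segments and resource names
# (not SingHealth's or IHiS's real policy). One rule per (role, resource);
# any request that no rule explicitly grants is denied.
POLICY = [
    {"role": "clinician", "resource": "scm_patient_db",
     "actions": {"read_single"}, "segments": {"clinical_app"}, "mfa": True},
    {"role": "db_admin", "resource": "scm_patient_db",
     "actions": {"read_single", "bulk_export", "schema_change"},
     "segments": {"admin_bastion"}, "mfa": True},
    {"role": "workstation_user", "resource": "email",
     "actions": {"read", "send"}, "segments": {"user_workstations"}, "mfa": False},
]


def authorize(req):
    """Return (allowed, reason). Deny by default; every condition of the rule must hold.

    Being on the internal network earns nothing on its own: the role must be
    granted the action, the request must originate from an approved segment,
    and privileged resources require a completed MFA step.
    """
    rule = next((r for r in POLICY
                 if r["role"] == req.role and r["resource"] == req.resource), None)
    if rule is None:
        return False, "default deny: no rule grants this role access to the resource"
    if req.action not in rule["actions"]:
        return False, "deny: action not permitted for this role"
    if req.source_segment not in rule["segments"]:
        return False, "deny: request did not come from an approved network segment"
    if rule["mfa"] and not req.mfa_verified:
        return False, "deny: multi-factor authentication required"
    return True, "allow"


if __name__ == "__main__":
    # Stolen admin credential replayed from a compromised front-end workstation.
    stolen = AccessRequest("admin01", "db_admin", "user_workstations", False,
                           "scm_patient_db", "bulk_export")
    # The same account used the intended way: from the admin bastion with MFA.
    legit = AccessRequest("admin01", "db_admin", "admin_bastion", True,
                          "scm_patient_db", "bulk_export")
    # A clinician's account trying to pull records in bulk.
    overreach = AccessRequest("dr_lim", "clinician", "clinical_app", True,
                              "scm_patient_db", "bulk_export")
    for name, req in [("stolen", stolen), ("legit", legit), ("overreach", overreach)]:
        print(name, authorize(req))
```

The order of the checks matters less than the fact that all of them run: the segment check is what blocks lateral use of a credential from a workstation, the MFA check is what makes a phished password alone insufficient, and the role/action check is what stops a legitimately placed but over-privileged account from exporting in bulk.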