The most serious breach of data in the history of Singapore happened last month when SingHealth reported that 1.5 million patient records were breached. According to Strait Times, among those affected includes Prime Minister Lee Hsien Loong, with the attackers “specifically and repeatedly targeting” his personal particulars and information of his outpatient dispensed medicines.
Not only the Prime Minister, but several other ministers were also affected, including Emeritus Senior Minister Goh Chok Tong. Nevertheless, the hackers did not amend or delete the records.
The cyber-attack on SingHealth’s network in June has prompted to include a requirement to report suspicious IT incidents within 24 hours.
The Communications and Information Minister S Iswaran who vowed to get to the bottom of the breach, said: “I want to assure everyone that the Government takes with the utmost seriousness its responsibility of ensuring the security of public sector IT systems and databases”.
This attack was severe and this prompted a slew of new security measures at its IT vendor.
In a statement released yesterday by Integrated Health Information Systems (IHiS) – which runs the IT systems of all public healthcare operators here – said the new procedure, along with 18 other new technical measures, will “reduce the risks and impact of human errors”.
This statement comes after the ongoing Committee of Inquiry (COI) into the cyber-attack caused the biggest data breach ever in Singapore.
IHiS chief executive Bruce Liang was testifying before the COI panel yesterday, said “it needs to promote a culture that accepts the reporting of suspicious activities even if they may be a false alarm.
“It is okay to report things you are not sure about,” he said when Solicitor-General Kwek Mean Luck asked what steps he would take to avoid delays in reporting suspicious incidents in future.
The tardy response and lack of awareness are some of the serious things that need to be addressed, and there are other issues also as raised by the COI. Like suspicious network activities that were found in June, but the authorities failed to alert the management.
The government has stepped up its defenses and has rolled out more sophisticated malware blocking that detects threats across 6000 servers and more than 50k endpoint devices across public healthcare institutions.
To thwart sophisticated hackers- 60,000 endpoint devices will have two-factor authentication for all administrators who manage such workstations and laptops in public hospitals.
The administrators will be required to enter a one-time password generated through the security token, or delivered by SMS to log into systems to reset passwords or install software, among other administrative tasks.
These defense mechanisms are intended to stop state-sponsored advanced persistent threat actors that led to SingHealth attack. It will have advanced features like threat hunting and intelligence to catch malicious activities that might have evaded detection.
Access control is configured in a way that only computers that have the latest security updates will be allowed to plug into hospital networks. Machines that are not adequately protected will need to be updated with security patches before they can plug into the network.
The COI in its report has mentioned how the server exploited by the hackers to breach SingHealth’s system didn’t have the necessary security software updates for more than a year.
Suspicious bulk queries to patient databases will also be actively monitored, and a system will be rolled out to detect the activity. As of now, the IHiS is not equipped with such automation.
Temporary Internet surfing will be done on a virtual browser since it allows users to access the Internet safely via quarantined servers. This will limit the number of potential attack points.
The Health Ministry is piloting a virtual browser system, scheduled to be completed by the middle of next year, said IHiS.