MS Risk Blog

Cyber-attack against SingHealth’s IT System


In July 2018, Singaporean healthcare system SingHealth was the victim of a cyber-attack. Approximately 1.5 million patients’ medical data was stolen, among them the medical record of the Singaporean Prime Minister Lee Hsien Loong. The Cyber Security Agency of Singapore (CSA) experts recognised unusual activity on one of SingHealth’s IT databases on 4 July, but by that time, the attackers had stolen online credentials and covered their tracks. A police investigation confirmed that data was stolen between June 27 and July 4.

Authorities suspect the attack was state-sponsored, particularly considering the high profile of the key target. The investigation showed that there were several attempts to obtain the Prime Minister’s data. Such data can be used by belligerent countries or local terrorist organisations to plan covert operations against politicians and decision makers. The CSA chief executive said at a news conference it is better not to speculate what the attacker had in mind. Further, the Communication and Information Minister did not name any state in the interest of national security.

Sophisticated attack

The attack on SingHealth shows a great deal of sophistication; according to the CSA, the attackers planned ahead and set up several entry points to the system to avoid detection. They were not preparing for a hit-and-run attack; rather, they built their persistence on the target network. It is also one of those rare cases when the final target of the attack is known, as evidenced by the attempts to breach the system and access the Prime Minister’s data. The other 1.5 million accounts gathered by the attackers are likely a “bonus”; however, this kind of data is highly sought by criminal organisations. Medical data contains not only information related to an individual’s health, but also easily identifiable personal and financial details. So far, the medical data has not surfaced in the public domain and there is no information proving the authorities have tried to contact the attackers.

In most cases of cyber-attack, the final target is unknown. Even if it is unearthed, targets are unlikely to admit that their applied defences were not strong enough to protect their data, or that of their clients. According to SingHealth, they had taken steps to thwart the hackers, including closing entry points to their network and asking their employees to change their passwords. The latter is critical, as these passwords were used to penetrate the system and obtain the medical data.

Cyber attacks and mitigation

The attack on SingHealth is just one example of the dozens of different cyber-attacks, which can not only target people using the internet, but also redirect the online communication of any service or change the commands of any program. All of these activities can have devastating effects, such as stealing online credentials and using them to penetrate a system for financial gain. Cyber-attacks are among the most significant modern threats. According to SonicWall’s 2018 Cyber Threat Report, there were 9.3 billion malware attacks registered in 2017, which is a nearly 20% increase compared to the number of attacks in 2016. These attacks target not only individuals, but critical infrastructure, state organisations and businesses as well. Most people are familiar with malicious e-mails that include odd-looking attachments or have heard stories of stolen online credentials.

Unfortunately, there is no 100% perfect protection against cyber-attacks, but there are some best practices everyone is advised to follow to minimise the chances of becoming a victim of a cyber-attack. One of the most important defences is our choice of passwords. A simple password that is easy to remember can also be easy to break. Further, using only one password for all online accounts makes one’s online presence extremely vulnerable to an attack. Once the password is obtained, access is granted to one’s social media accounts, online shopping accounts and so on. As most of the attacks targeting individuals arrive via e-mail, it is important to avoid opening e-mails of unknown origin. Security experts highly recommend building this awareness into our daily online routine. The human component in cyber security is perhaps the most critical, as ill-informed users are often the gateway for cyber-attackers to obtain personal data.
