Report on SingHealth breach condemns poor security practices
A Committee of Inquiry report into Singapore’s SingHealth 2018 data breach suggests that IT staff were ill prepared and failed to take appropriate action to prevent the breach. And what’s more, the system itself was riddled with vulnerabilities.
SingHealth, which employs a firm called Integrated Health Information Systems (IHiS) to operate its health system and implement cybersecurity protection. That protection failed in August 2017, when an attacker gained access to SingHealth’s IT network through suspected phishing attacks.
In June, July, and August 2018, the attacker compromised databases that eventually led to the leak of personal details belonging to almost 1.5 million patients. The report, titled Public report of the committee of inquiry into the cyber attack on Singapore Health Services Private Limited’s patient database on or around 27 June 2018, presented five key findings in relation to the breach.