Security experts chime in on Singapore’s historic data breach

Security experts chime in on Singapore’s historic data breach

Was there a way to prevent this attack?

Ng Teng Fong General Hospital in Singapore

Ng Teng Fong General Hospital in Singapore

Jarva sees application security problems divided into two parts, flaws and bugs.

“To catch most of these software security problems, we need to identify them early on so that they would not come back to haunt us later on,” said Jarva.

"We have to stay vigilant when it comes to understanding how and what kind of data we are protecting, where it is located, and what kind of security controls we have in place to protect it."

Jarva advised tackling those issues earlier in the software development life cycle, rather than later, which can be costly to fix later on.

Healthcare IT systems are usually large, complex systems, involving many parts, which can increase the difficulty of managing security in a controlled manner, as different parts of the system may have different third-party software components and inherent vulnerabilities, “and often, may not be properly identified and patched early enough,” said Jarva.

“This is not a challenge that is unique to healthcare, it is a challenge that every large organisation goes through."

In fact, the healthcare sector shares the same shortcomings as other enterprises, but with additional challenges, such as a lack of security resources, financial resources, and expertise, to correct this weakness, though this may not be as big a problem in Singapore as it is in other countries, but it is still a challenge nonetheless.

Another challenge is the environment healthcare systems operate in can be extremely heterogeneous, with laptops, IT servers, and a multitude of connected devices such as drug infusion pumps, imaging devices like MRI and CT scanners, and treatment software (such as those used to manage implantable pacemakers).

Due to the size of the healthcare sector, not all systems connected well with each other, but Singapore has been working to standardise information flow across the sector with its  electronic health records initiative.

What to do next?

Paul Ducklin, senior technologist at Sophos has some advice to those affected by this data breach on what to do next.

"The data stolen in this breach is an identity thief's goldmine,” said Ducklin.

"It is a startling reminder to all Singaporeans that there is no such thing as 'cyber attackers would never care about little old me' – once your data is scooped up in a cyber security blunder of this sort, you simply cannot control where it will go next.

"Anyone affected in this breach has no choice but to assume that their personal information will end up for sale in the cyber underground, ready for active abuse by cyber crooks."

What does Ducklin recommend? Firstly, keep a careful watch over all financial statements, such as bank accounts, payment cards, loans, pension funds, taxation records and so on, and report any suspicious activity immediately.

The next step would be to talk to financial institutions about locking down account details in order to make it harder for cyber criminals to try to take over accounts.

Also, users must be on the lookout for unsolicited communications that arrive in the wake of this breach offering any sort of help or asking for further details "to assist in the investigation."

Lastly, Ducklin advised users to not use contact information, web links or phone numbers that were sent online, instead look for contact information on existing invoices, on printed correspondence received in the past, or by visiting an organisation's office in person.

"Whether this was a lone hacker who got lucky, a well-oiled cyber crime gang or a state-sponsored attack team you will not get your personal data back, and it will not change the fact that you cannot control who gets it next,” said Ducklin.

“Keep your own eyes open for any attempt to abuse your personal data in the future."

Importance of collaboration

There are Singaporeans who have put the Singapore government on blast for such an attack, calling for resignations. However, by international standards, they have done extremely well so far.

What happens next is crucial. It is important a full independent investigation takes place and the government learns from this breach and takes concrete action to ensure a similar breach does not occur again.

Singapore will continue on its quest to be the world’s first smart nation, with Lee Hsien Loong - Singapore’s Prime Minister - restating his commitment in the wake of the attack, who was also personally affected by this breach.

"With a growing focus on integrating MedTech, FinTech and GovTech as a part of our Smart Nation drive, local organisations must guard against the possibility of these attacks hitting our shores,” added Linda Gray Martin, director and general manager of RSA Conferences.

"The scenario is worrying for industries that rely heavily on public confidence. A laboratory that cannot vouch for the fidelity of medical test results, or a bank that has had account balances tampered with, are examples of organisations at risk.

"No government can keep criminals off the internet and no company can pre-empt the entire spectrum of threats, from automated attacks to sophisticated ones that lie low in networks, invisible to security teams."

As such, it is important we not operate in silos can we work together to secure our networks, “increasingly, cyber security conversations are not just for CIOs, CISOs and IT managers,” said Martin.

“The rest of the C-suite, government officials and citizens need to come together to strengthen APJ’s cybersecurity posture,” added Martin.

Martin explained the critical importance of having a crisis-response team ready ‘when’, not ‘if’, a breach occurs.

“Incident response is also very much a mandatory capability in today’s connected, globalised economy – something many in the practitioner community agree on,” said Martin. “It is not a matter of ‘if’ you will be breached but ‘when’."

“Having a crisis-response team ready ensures that organisations can return to normal operations as soon as possible."

Tags cyber crime

Show Comments