by Georgia Tong
It takes more than two months – from 1 May to 4 July 18 – before the cyber-attack on Singhealth was discovered. By then, the non-medical data of 1.5 million patients had been breached, and because of the late discovery, a further 160,000 patients’ medical records were stolen between 27 June to 4 July.
The hacker(s) must have been having a field day, first stealing personal data and when no one noticed, they went for medical record as well. Why did it take more than two month for these major attacks to be noticed? Is the IT security system simply that weak or was the Singhealth IT department sleeping on the job?
Not only that, following the breach, the mainstream media embarked on its usual diversion tactics to direct public focus away from the important questions: Who attacked us? What do they intend to do with our data? What is the government doing to apprehend the culprits?
We are not interested in how many SMS’s were sent out to inform patients whether their data had been stolen or not. Nor do we find comfort in the fact that both PM Lee’s and Mr Goh CT’s data were also accessed – according to the mainstream media. It is also ridiculous that the mainstream media has been calling for Singhealth and the government to be ‘lauded’ for the way they’ve handled this cyber-attack which really should not have even happened to begin with.
The authorities have said that this is a major attack but they are unable to reveal the identity of the culprits due to security reasons. We find that hard to believe considering there was no mention at all of the authorities even going after the hacker. What is the point of forming a committee when, like so many committees formed in the past, nothing ever happens. Just like the SMRT issue, the problems persisted and even became more serious after the departure of the CEO, Ms Saw.
In the SMS’s sent out to patients, we were told that ‘no action is needed’. We’re merely individuals, so what can we do anyway. But we do expect some concrete actions from the government which is tasked with protecting its citizens’ interest. The government stated that the breach was perpetrated by a major foreign hacker(s). If that’s true, what are their objectives? Are they stealing data just for fun? Surely these hackers intend to monetize the stolen data. So if the government knows who is/are behind this attack, why are they not going after them?
Is it possible they are hiding something from us? Everything seems to be a national security issue when they don’t want the public to know about it – like GIC, Temasek or the financial status of our national reserve.
This is a massive cyber security breach and yet we’re not given any concrete details, nothing to quell speculation. What does that leave us with? For all we know, this could have been done by a small time hacker and the authorities are merely trying to save face for their limping security systems.
A SMART Nation with a handicapped security system that can’t seem to even protect public data.