• About Us
    • Fact Checking Policy
    • Ownership & funding information
    • Volunteer
  • Subscribe
  • Letter submission
    • Submissions Policy
  • Contact Us
The Online Citizen Asia
  • Opinion
    • Editorial
    • Commentaries
    • Letters
    • Comments
  • Current Affairs
    • Singapore
    • Malaysia
    • Indonesia
    • China
    • ASEAN
    • Asia
    • International
  • Finance
    • Economics
    • Labour
    • Property
    • Business
  • Community
    • Arts & Culture
    • Consumer Watch
    • NGO
    • Lifestyle
    • Travel
  • Politics
    • Civil Society
    • Parliament
    • Transport
    • Education
    • Environment
    • Health
    • Housing
  • Law & Order
    • Legislation
    • Court Cases
No Result
View All Result
  • Opinion
    • Editorial
    • Commentaries
    • Letters
    • Comments
  • Current Affairs
    • Singapore
    • Malaysia
    • Indonesia
    • China
    • ASEAN
    • Asia
    • International
  • Finance
    • Economics
    • Labour
    • Property
    • Business
  • Community
    • Arts & Culture
    • Consumer Watch
    • NGO
    • Lifestyle
    • Travel
  • Politics
    • Civil Society
    • Parliament
    • Transport
    • Education
    • Environment
    • Health
    • Housing
  • Law & Order
    • Legislation
    • Court Cases
No Result
View All Result
The Online Citizen Asia
No Result
View All Result

SingHealth saga: Data breach raises furore amongst local netizens, questions regarding liability

by The Online Citizen
25/07/2018
in Comments, Government
Reading Time: 7 mins read
0

Source: The Hacker News

In a press release on Monday (23 July), SingHealth stated that it has “sent SMS notifications to more than 1.8 million patients who visited its specialist outpatient clinics and polyclinics from 1 May 2015 to 4 July 2018 to notify them if their data had been illegally accessed and copied”.

The statement was released in light of a cyber security attack by hackers, affecting 1.5 million patients who had visited SingHealth’s specialist outpatient clinics or polyclinics between May 1, 2015 and Jul 4, 2018, including Prime Minister Lee Hsien Loong, whose personal particulars and outpatient medication data were reportedly “repeatedly and specifically” targeted.

It added that SingHealth patients who have not registered their mobile numbers as a part of the data “will receive letters informing them the status of their data this week” instead.

According to findings from its data check, “More than 231,000 patients have accessed the Health Buddy mobile app and SingHealth website” to verify if their data were also implicated in the cyberattack.

SingHealth reassured that “no phone numbers, financial information or other patient medical records were illegally accessed”, adding that their healthcare provisions and services, including clinic and hospital operations, are not disrupted by the recent breach of data, and that “operations [will] continue as normal”.

SingHealth also urged patients “who visited SingHealth specialist outpatient clinics and polyclinics from 1 May 2015 to 4 July 2018, who are unable to do a data check via the Health Buddy mobile app or SingHealth website” to dial 6326 5555 at any day of the week from 9am to 9pm should they require any assistance.

Earlier, in a Facebook post dated 20 July, SingHealth warned patients to keep an eye on “fake” text messages informing them that their medical records have been accessed:

SingHealth also released an alert regarding “fake” phone calls related to the cyberattack:

Netizens have expressed concern over the privacy and safety risks that may arise as a result of SingHealth’s compromised medical records database.

Robert Guo said:

I just received this SMS text. Am I to feel assured that someone out there now has all my particulars, including my NRIC number, date of birth, and residential address, all of which are commonly used to confirm my identity when making phone enquiries through banks and government statutory boards?

Lim Chun Hui wrote:

“www.singhealth.com.sg/cyberattack (name) -your name, IC, address, gender, race & birth date were accessed but not altered. Mobile no. medical & financial info unaffected. No action needed. We apologise for anxiety caused. For queries [email protected]”

Name, NRIC and Birth Date is been access. Does that mean they can call my telco or bank and make unauthorised transaction on my behalf? They usually will authentic the caller using the NRIC or birth date.

If there is any unauthorised transaction and the telco or bank say I had been authenticated using my NRIC or birth date, am I going to be responsible for any charges incurred?

Michael Chen said:

lol. the fact that i got an sms that addresses me by a different name may show that the data itself has been compromised?!? i am not the only one that this has happened to as reported in papers.

moreover, what assurance is there no compromise? is there independent verification/ audit?

David Lee raised pertinent questions regarding SingHealth’s role in safeguarding patients’ data: 

Why SingHealth is not held liable for breach of PDPA? If it is other private sectors, and not related to government agencies, they will be slapped with a heavy penalty. With the impending implementation of the Electronic Health System, how assured are the patients that the system is foolproof and [that there will be] no further breach of patients information – whether or not the information has any commercial value?

伟祥梁 enquired:

Why can’t SingHealth use post letter to inform? Now you [SingHealth] are using SMS, you are giving cyber-attackers [the] opportunity to send fake SMS messages to all [patients]. What is this link on the msg for? “http://bit.ly/cyber-attack18”

What if cyber attackers sent similar SMS messages with a link to hack on our phone?

The Government always asks people to stay alert on SMS scams, now you all still do this kind of stupid idea!

Georg Zoeller wrote:

You guys ought to use a government-branded URL shortener rather than bit.ly where anyone can create links.

This teaches people to expect and click random urls sent to them via SMS, allowing all kinds of malicious follow up attacks on people – especially since the attackers may have access to privileged data that can be used to create an official image.

To be frank, the spoofed sms were utterly predictable and will lead to many follow up scams against the population. In 2018, we ought to be more thoughtful and have a playbook for this kind of issue.

Nur Hayati wrote:

SingHealth, apologies aren’t going to cut it. The information accessed are used by banks, telcos etc. to verify our identities. Moving forward, all organisations with such information should ensure that its cyber security is tight. Disappointed, and I hope this issue is resolved thoroughly by all agencies.

Lee Tze Hoo said:

SingHealth, I would like to know if any encryption was applied on the data that was taken. If not, what was the reason they were deem unnecessary to be encrypted?

Also, do you guys have any concrete plans to avoid future data breaches like this?

Poon Alvin wrote:

[…] it says the information were accessed but not altered. Who give a damn if our data has been altered at your end? The crucial thing is that our data has been accessed and they can do whatever they want with our information. SingHealth, are you trying to [use a] red herring [argument]? Apart from strengthening your systems, you are answerable to the country on this mishap!

For just US$7.50 a month, sign up as a subscriber on The Online Citizen Asia (and enjoy ads-free experience on our site) to support our mission to transform TOC into an alternative mainstream press.

Related Posts

US businesses ‘fear internet curbs in Hong Kong’
AFP

Hong Kong offers free flights after COVID isolation

02/02/2023
Why is Gautam Adani’s Indian empire in turmoil?
AFP

Why is Gautam Adani’s Indian empire in turmoil?

02/02/2023
India’s Adani shares plunge again after stock sale cancelled
AFP

India’s Adani empire loses more than US$100 bn after fraud claims

02/02/2023
Former political prisoners calls for abolishment of ISA and apology from PAP Govt on 60th anniversary of Operation Coldstore
Civil Society

Former political prisoners calls for abolishment of ISA and apology from PAP Govt on 60th anniversary of Operation Coldstore

02/02/2023
Indian state picks new capital after kicking out Singapore consortium
India

Indian state picks new capital after kicking out Singapore consortium

02/02/2023
Anwar says Malaysia “not in hurry” to reinstate GST as he vowed to protect the low-and middle-income groups
Economics

Anwar says Malaysia “not in hurry” to reinstate GST as he vowed to protect the low-and middle-income groups

02/02/2023
Subscribe
Connect withD
Login
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
Notify of
Connect withD
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
0 Comments
Inline Feedbacks
View all comments

Latest posts

US businesses ‘fear internet curbs in Hong Kong’

Hong Kong offers free flights after COVID isolation

02/02/2023
Why is Gautam Adani’s Indian empire in turmoil?

Why is Gautam Adani’s Indian empire in turmoil?

02/02/2023
India’s Adani shares plunge again after stock sale cancelled

India’s Adani empire loses more than US$100 bn after fraud claims

02/02/2023
Former political prisoners calls for abolishment of ISA and apology from PAP Govt on 60th anniversary of Operation Coldstore

Former political prisoners calls for abolishment of ISA and apology from PAP Govt on 60th anniversary of Operation Coldstore

02/02/2023
Indian state picks new capital after kicking out Singapore consortium

Indian state picks new capital after kicking out Singapore consortium

02/02/2023
Anwar says Malaysia “not in hurry” to reinstate GST as he vowed to protect the low-and middle-income groups

Anwar says Malaysia “not in hurry” to reinstate GST as he vowed to protect the low-and middle-income groups

02/02/2023
Grab SG appoints PAP MP Tin Peiling as director of public affairs and policy

Grab SG appoints PAP MP Tin Peiling as director of public affairs and policy

02/02/2023
Malaysian cleaner sells his land to donate two dialysis machines worth RM 80k to the dialysis centre he works at

Malaysian cleaner sells his land to donate two dialysis machines worth RM 80k to the dialysis centre he works at

02/02/2023

Trending posts

Former Singaporean shares change of life in Australia with annual pay of S$80,000 as a plumber

Former Singaporean shares change of life in Australia with annual pay of S$80,000 as a plumber

by Yee Loon
30/01/2023
25

...

Earning only S$400 a month, delivery-rider turned hawker threw in the towel after two years of running a rojak stall

Earning only S$400 a month, delivery-rider turned hawker threw in the towel after two years of running a rojak stall

by Yee Loon
26/01/2023
24

...

Two Indian nationals paid about S$330 and S$730 respectively for forged certificates submitted in their S-Pass application

MOM found issuing EPs meant for foreign PMETs to PRC waitress and general worker

by Correspondent
26/01/2023
41

...

Temasek and GIC reportedly in talks with Adani Group accused of “brazen” market manipulation and accounting fraud

Temasek and GIC reportedly in talks with Adani Group accused of “brazen” market manipulation and accounting fraud

by The Online Citizen
26/01/2023
59

...

They have done a fine job of confusing us about the jobs situation

They have done a fine job of confusing us about the jobs situation

by Augustine Low
01/02/2023
31

...

Indian rupee falls 60% since signing of CECA while Singapore becomes top investor in India

by Correspondent
25/01/2023
69

...

July 2018
M T W T F S S
 1
2345678
9101112131415
16171819202122
23242526272829
3031  
« Jun   Aug »

The Online Citizen is a regional online publication based in Taiwan and formerly Singapore’s longest-running independent online media platform.

Navigation

  • Editorial
  • Commentaries
  • Opinion
  • Politics
  • Community

Support

  • Contact Us
  • Letter submission
  • Membership subscription

Follow Us

  • Facebook
  • Twitter
  • YouTube
  • Instagram
  • Fact Checking Policy
  • Privacy Policy

© 2022 - 2023 The Online Citizen Asia

No Result
View All Result
  • Opinion
    • Editorial
    • Commentaries
    • Comments
  • Current Affairs
    • Malaysia
    • Indonesia
    • China
    • ASEAN
    • Asia
    • International
  • Finance
    • Economics
    • Labour
    • Property
    • Business
  • Community
    • Civil Society
    • Arts & Culture
    • Consumer Watch
    • NGO
  • Politics
    • Parliament
    • Transport
    • Education
    • Environment
    • Health
    • Housing
  • Law & Order
    • Legislation
    • Court Cases
  • Lifestyle
    • Travel
  • Subscribers login

© 2022 - 2023 The Online Citizen Asia

wpDiscuz