Sunday, 24 September 2023

We are shifting our daily news to Gutzy.Asia Support us there!

Blockchain technologies can buttress safety of medical records, says world-renowned cybersecurity expert

In a joint release on 20 Jul, the Ministry of Health (MOH) and Ministry of Communications and Information (MCI) said that 1.5 million SingHealth patients’ records were illegally accessed and copied by hackers, including the records of Prime Minister Lee Hsien Loong, whose records were said to have been “specifically and repeatedly” aimed at.

The announcement revealed that unusual activity was detected on one of SingHealth’s IT databases on 4 July and the activity was ceased immediately. On 10 July 2018, investigations confirmed that it was a cyberattack and MOH, SingHealth and Cyber-Security Agency were informed. It was established that data was exfiltrated from 27 June 2018 to 4 July 2018.

To try and understand more about the cyber-attack on SingHealth and how it might be possible to address the threats, TOC sought the opinion of Ralph Echemendia, a world-renowned Estonian cyber security expert, regarding the recent cybersecurity breach.

Echemendia, who is globally known by his alter ego “The Ethical Hacker”, is a computer hacking consultant and has taught major corporations and federal governments on how to better protect themselves from digital threats and security breaches.

He also assists some of the biggest names in Hollywood. His current mission is to help provide the world with a more secure digital experience through a safe-ware app under his development called Seguru.

Question: How concerned should those who had their particulars stolen be? Is there any possibility of fraud being committed with the details? According to government’s announcement, some of the details that were retrieved include name, number of identification, gender, residential address, and birth date.

Ralph Echemendia (RE): Of course they should be concerned. These data points are almost everything needed to commit fraud in a number of ways. We always tend to think that impact can only come from financial fraud, but imagine if you would if someone used this data to target individuals purely for the purpose of making their lives difficult. We must be aware that data can be used in ways we have yet seen the effects of in our daily lives.

The government revealed that the suspicious activities persisted a few days before it was discovered, and that the connection was terminated. But how much time really do cyber-criminals need to retrieve the info that they need?

RE: 24 hours is more than enough to exfiltrate that data.

It seems that the government had used a centralised server to store its database. Is there any security drawbacks in doing so and is there any better alternatives?

RE: This is the norm for most organisations. Whilst technology such as (de-centralised) blockchain exists, most [governments] have yet to implement such a model.

We understand from the current hospital staff that the IT system allows multiple logins at the same time, and also does not log users out in the event of prolonged inactivity*. What security risk(s) does it pose?

RE: Many security risks come from such policies. User logins can be hacked into and abused by allowing multiple logins. In addition, without proper logging and monitoring, such breaches can go undiscovered for days if not months.

What kind of security system can ensure the safety of sensitive data such as medical records, with only authorised personnel being allowed access but at the same time, still maintain connectivity to the Internet and not just the Intranet? 

RE: Blockchain technologies can provide such functionality. Healthcare should be the first (outside of financial) to take advantage of said technologies.

Implementing blockchain technology into a medical record would provide several “features” that strengthen security and patient safety. For one, it could provide an audit trail. A log of its use and its location (computer and physical).

Secondly, it could provide the details on who has accessed the record from where and why. If records were stolen, their use would further implicate the thieves; rendering their use outside of legitimate sources worthless.

A medical record is probably one of the most justifiable places to use this technology outside of finance where a ledger of data use is truly valuable to security.

Countries adopting blockchain technology to safeguard information

Estonia, for example, is coming out with a technology called Keyless Signature Infrastructure (KSI) for the purpose of protecting all public-sector data, according to McKinsey & Company.

KSI creates hash values, which uniquely display large amounts of data as smaller numeric values. The hash values can be used to identify records, but not rewrite the information available in the records. The hash values are then stored in a blockchain, and later disseminated across a private and discreet network of state computers. A new hash value is affixed to the chain whenever changes are made to an underlying file, which renders the information unalterable later on.

It is said that transparency of the records is almost completely guaranteed. Any external or internal tampering can be detected and even avoided as the KSI will facilitate government officials’ surveillance of any changes made within multiple databases.

Currently, the electronic health records of all citizens of Estonia are governed using the KSI technology. Estonia has expressed its aims to extend KSI to all government agencies, as well as private-sector companies in the country.

*TOC has written to Ministry of Health for their comments on the IT system but has yet to receive a reply from the ministry

Notify of
Oldest Most Voted
Inline Feedbacks
View all comments

Latest posts

Election surprises and certainties: Dissecting Tharman’s presidential win

In the 2023 Presidential Election, Mr. Tharman Shanmugaratnam secured a stunning 70.4% landslide victory, surprising many, including himself. Despite expectations that TKL would win the opposition votes, voters from both camps showed a preference for Tharman's charisma and perceived competency. As Singapore reflects on the outcome, questions arise about the election's fairness and the real implications of Tharman's dominant win.

Volunteer as a Polling and Counting Agent for Singapore’s 2023 Presidential Election

For the upcoming Singapore Presidential Election on 1st September, members of the civil society have spearheaded an initiative to strengthen our democratic fabric. We invite committed individuals to join us as Polling and Counting Agents, standing together for a transparent, fair, and just election. This vote counting exercise, organized by members of civil society, is not specifically in support of Mr Tan Kin Lian, a candidate in the upcoming Presidential Election. It's an exercise in active citizenry. Nonetheless, Mr Tan endorses this initiative, which hinges on his candidacy, championing transparency, and has given permission for the results to be shared publicly.

Reflections from the Centenary: The Legacy of LKY and Singapore’s Future

Gilbert Goh reflects on the LKY centenary event: an inspiring showcase of a leader's global legacy juxtaposed against current challenges, urging Singapore to continue its path of progress.

Lim Tean advocates for Tan Kin Lian: A visionary leader for Singapore’s Presidency

In his speech at Mr Tan Kin Lian's launch of his presidential bid, Mr Lim Tean passionately championed the need for a truly Independent President. Highlighting Mr Tan Kin Lian's unique credentials and genuine concern for the wellbeing of Singaporeans, the Peoples Voice leader emphasized the pressing challenges of rising living costs and job insecurities faced by the public. Mr Lim depicted Mr Tan Kin Lian as a beacon of hope for the nation, advocating for a leader who genuinely understands and represents the people’s aspirations.

Tan Jee Say endorses Tan Kin Lian for President: A courageous, genuine, and humble...

In advocating for a truly representative leader, Tan Jee Say underscored Tan Kin Lian's humility, courage, and genuine dedication. Highlighting the pressing need for restored public trust and effective independence, Tan Jee Say emphasized that Tan Kin Lian, as the 'People's President', would bring back hope to Singaporeans and champion true democracy

Tan Kin Lian’s pledge: Rekindling unity and charting a vigorous future for Singapore

In the press conference to announce his bid for the Singapore presidency, Tan Kin Lian emphasizes safeguarding Singapore's reserves and strengthening public service integrity. Drawing on his 30-year leadership at NTUC Income, he envisions a future with affordable living, accessible housing, and job stability, pledging collaboration with the government for a united nation.

Strengthening Singapore’s political foundations: A call to action by Leong Mun Wai on Singapore’s...

Leong Mun Wai urges Singaporeans to strengthen political checks and balances, emphasizing, 'The best is yet to be for Singapore if we dare to make the right decision in upcoming elections.

Trending posts