Internet Security System / image:

Government adamant on keeping identity of SingHealth cyberattacker secret while “experts” pinpoint China as alleged perpetrator

While the Singapore Government is adamant on keeping the identity of the SingHealth cyberattacker a secret from the public, several experts and foreign publications have pinpointed China as the perpetrator of what has been deemed as Singapore’s largest cybersecurity breach to date.

Foreign Minister Vivian Balakrishnan said on Monday (28 Jan) that the decision to keep the identities of the perpetrators behind Singapore’s largest cyber-attack last year is rooted in the need to protect the Republic’s foreign policy, in addition to serving as a potentially unhelpful and counterproductive act against the public healthcare system.

TODAY Online reported Dr Balakrishnan as saying that carrying out an exposé on the cyber-attackers, who launched the attack for “commercial and state advantage”, will not increase the security of the SingHealth system, and will potentially result in negative outcomes for Singapore’s foreign policy should any particular nation-state be named.

Minister for Communications and Information S Iswaran has reiterated on several occasions in Parliament the Government’s prerogative to withhold the identities of the perpetrators of the cyber-attack.

In response to Pioneer Member of Parliament Cedric Foo Chee Keng’s question as to whether the Government could elaborate on the decision behind keeping the perpetrators’ identity a secret, given that there “seems to be a vacuum as far as the sense of justice is concerned”, Mr Iswaran told Parliament on Tuesday (15 Jan) that “in deriving a sense of confidence, our citizens should be looking at the totality of our response and not focus on one particular aspect of the response”.

Mr Iswaran added that the Government has full knowledge of the perpetrators of the cyberattack and that it has taken the “appropriate” course of action, following that discovery.

The Communications and Information Minister had previously stated on 6 Aug last year, in response to Aljunied Member of Parliament Low Thia Khiang’s query regarding the nation-state behind the cyberattack, that the Government will not divulge the identity of the perpetrator for “national security reasons”.

Mr Iswaran told the House: “He [Mr Low] asked whether we are prepared to share the names, if we know specifically whom and whether we are able to then share that. And I would put to the Member that first, I have explained why we have a larger set of concerns around this matter.

“Secondly, in this sort of matter, whilst one can have a high level of technical confidence, one may not be able to have the certainty that you might need in order to specifically assign responsibility.

“And this is the kind of evidentiary threshold that may not stand up in a court of law, but at the operational level, the agencies that are involved have a high level of confidence in their findings.

“Having said that, we do not think it serves our national interest, nor is it a productive exercise for us to be making specific public attribution. What is essential is that we diagnose the problem clearly and take the appropriate steps.

“And if, in the process of the COI deliberations, specific attribution can be made in a manner where action can subsequently be taken up in a court of law, we will certainly consider that course of action,” stressed Mr Iswaran.

China purportedly behind SingHealth cyberattack, among other cyberattacks on other nations’ major healthcare databases, according to experts and foreign publications

Experts and foreign publications, however, have pinpointed a world superpower as the perpetrator behind Singapore’s largest cybersecurity breach to date.

On 21 Aug last year, Nikkei Asian Review named China as the nation-state responsible behind the SingHealth cyberattack.

Quoting Head of the Cyber Policy Centre at the Australian Strategic Policy Institute Fergus Hanson: “It certainly fits with a pattern of Chinese Communist Party cyberactivity”.

Mr Hanson noted that Beijing has also been accused of “other major healthcare hacks” in the United States.

Matt Palmer of risk consultancy firm Willis Towers Watson, however, credited Singapore authorities for managing to detect the SingHealth cybersecurity breach “in a matter of days”, adding that the cyberattack on a nation as well-prepared as Singapore in terms of cybersecurity serve as “a wake-up call globally”.

According to a survey by U.S. cybersecurity company FireEye, the median time from breach to discovery was 498 days last year among Asia-Pacific governments.

Professor of public ethics at Charles Sturt University and author of Silent Invasion: China’s Influence in Australia Clive Hamilton wrote in an article published on the Australian Financial Review on 13 Jan that “security agencies around the world have noticed an alarming spike of cyberattacks aimed at health records, with state-based actors in China the leading suspects”.

“Last July, it was reported that 1.5 million medical records were stolen in Singapore in a cyberattack experts believe came from state-based hackers in China,” he noted.

“The Singapore data theft followed a massive hack in 2014 that sucked up the personnel records of millions of Americans, and the theft of 4.5 million health records from a Tennessee-based hospital chain in the same year.

“In the same year, the medical records of an unspecified number of Australian soldiers, including special forces operating overseas, were sent to China by a health contractor that also has facilities in Guangdong,” he added.

Prof Hamilton added that such cyberattacks are a result of Chinese firms being compelled “by the law to obey directives from Beijing’s intelligence agencies”.

However, he opined that “Beijing’s security services would not need to hack into My Health Record” – which is Australia’s new public online medical database – in order to get their hands on the the medical data.

Prof Hamilton suggested that “An easier route would be to suborn an employee of a Chinese-owned healthcare provider in Australia to copy a database and hand it over, or to plug in a USB that installs malware”.

He added: “Some Chinese investors have said they are particularly interested in the big data processing and artificial intelligence capabilities of Australian companies, including use of Australian patient data to develop systems for Chinese hospitals.

While Chinese companies such as The Jangho Group, a Shanghai-based building supplies firm, “may have entirely legitimate intentions when they buy up assets in Australia”, Prof Hamilton noted that “Chinese citizens and companies are obliged to participate in “intelligence work” if asked to do so, even when abroad”.

“In addition, every major Chinese company has a Communist Party cell operating in it. The Party secretary often doubles as chair of the board.

“This is the reality of the “corporate-state conglomerate” in China under President Xi Jinping,” said Prof Hamilton.

Prof Hamilton acknowledged the potential economic benefits of “Chinese investment in Australia’s healthcare sector”, which include “bringing new funds, stimulating the export of expertise and helping expansion into the booming Chinese market”.

However, he warned that “these [economic benefits] must be balanced against the risks to national security”.

“The specific risk of giving Chinese companies direct access to Australian medical records is that China’s intelligence services could access those records for information on current or future political, military and public service leaders in order to blackmail them, as posited by Prime Minister Lee Hsien Loong in the aftermath of the SingHealth cyberattack: “I don’t know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me.”

“Some may have psychiatric conditions or be on mental health plans. They may have sexually transmitted diseases. Data on medications would be enough. Publication of such sensitive information could wreck careers and make those who have been compromised open to coercion,” Prof Hamilton further cautioned.