Internet Security System / image:

While the Singapore Government is adamant on keeping the identity of the SingHealth cyberattacker a secret from the public, several experts and foreign publications have pinpointed China as the perpetrator of what has been deemed as Singapore’s largest cybersecurity breach to date.

Foreign Minister Vivian Balakrishnan said on Monday (28 Jan) that the decision to keep the identities of the perpetrators behind Singapore’s largest cyber-attack last year is rooted in the need to protect the Republic’s foreign policy, in addition to serving as a potentially unhelpful and counterproductive act against the public healthcare system.

TODAY Online reported Dr Balakrishnan as saying that carrying out an exposé on the cyber-attackers, who launched the attack for “commercial and state advantage”, will not increase the security of the SingHealth system, and will potentially result in negative outcomes for Singapore’s foreign policy should any particular nation-state be named.

Minister for Communications and Information S Iswaran has reiterated on several occasions in Parliament the Government’s prerogative to withhold the identities of the perpetrators of the cyber-attack.

In response to Pioneer Member of Parliament Cedric Foo Chee Keng’s question as to whether the Government could elaborate on the decision behind keeping the perpetrators’ identity a secret, given that there “seems to be a vacuum as far as the sense of justice is concerned”, Mr Iswaran told Parliament on Tuesday (15 Jan) that “in deriving a sense of confidence, our citizens should be looking at the totality of our response and not focus on one particular aspect of the response”.

Mr Iswaran added that the Government has full knowledge of the perpetrators of the cyberattack and that it has taken the “appropriate” course of action, following that discovery.

The Communications and Information Minister had previously stated on 6 Aug last year, in response to Aljunied Member of Parliament Low Thia Khiang’s query regarding the nation-state behind the cyberattack, that the Government will not divulge the identity of the perpetrator for “national security reasons”.

Mr Iswaran told the House: “He [Mr Low] asked whether we are prepared to share the names, if we know specifically whom and whether we are able to then share that. And I would put to the Member that first, I have explained why we have a larger set of concerns around this matter.

“Secondly, in this sort of matter, whilst one can have a high level of technical confidence, one may not be able to have the certainty that you might need in order to specifically assign responsibility.

“And this is the kind of evidentiary threshold that may not stand up in a court of law, but at the operational level, the agencies that are involved have a high level of confidence in their findings.

“Having said that, we do not think it serves our national interest, nor is it a productive exercise for us to be making specific public attribution. What is essential is that we diagnose the problem clearly and take the appropriate steps.

“And if, in the process of the COI deliberations, specific attribution can be made in a manner where action can subsequently be taken up in a court of law, we will certainly consider that course of action,” stressed Mr Iswaran.

China purportedly behind SingHealth cyberattack, among other cyberattacks on other nations’ major healthcare databases, according to experts and foreign publications

Experts and foreign publications, however, have pinpointed a world superpower as the perpetrator behind Singapore’s largest cybersecurity breach to date.

On 21 Aug last year, Nikkei Asian Review named China as the nation-state responsible behind the SingHealth cyberattack.

Quoting Head of the Cyber Policy Centre at the Australian Strategic Policy Institute Fergus Hanson: “It certainly fits with a pattern of Chinese Communist Party cyberactivity”.

Mr Hanson noted that Beijing has also been accused of “other major healthcare hacks” in the United States.

Matt Palmer of risk consultancy firm Willis Towers Watson, however, credited Singapore authorities for managing to detect the SingHealth cybersecurity breach “in a matter of days”, adding that the cyberattack on a nation as well-prepared as Singapore in terms of cybersecurity serve as “a wake-up call globally”.

According to a survey by U.S. cybersecurity company FireEye, the median time from breach to discovery was 498 days last year among Asia-Pacific governments.

Professor of public ethics at Charles Sturt University and author of Silent Invasion: China’s Influence in Australia Clive Hamilton wrote in an article published on the Australian Financial Review on 13 Jan that “security agencies around the world have noticed an alarming spike of cyberattacks aimed at health records, with state-based actors in China the leading suspects”.

“Last July, it was reported that 1.5 million medical records were stolen in Singapore in a cyberattack experts believe came from state-based hackers in China,” he noted.

“The Singapore data theft followed a massive hack in 2014 that sucked up the personnel records of millions of Americans, and the theft of 4.5 million health records from a Tennessee-based hospital chain in the same year.

“In the same year, the medical records of an unspecified number of Australian soldiers, including special forces operating overseas, were sent to China by a health contractor that also has facilities in Guangdong,” he added.

Prof Hamilton added that such cyberattacks are a result of Chinese firms being compelled “by the law to obey directives from Beijing’s intelligence agencies”.

However, he opined that “Beijing’s security services would not need to hack into My Health Record” – which is Australia’s new public online medical database – in order to get their hands on the the medical data.

Prof Hamilton suggested that “An easier route would be to suborn an employee of a Chinese-owned healthcare provider in Australia to copy a database and hand it over, or to plug in a USB that installs malware”.

He added: “Some Chinese investors have said they are particularly interested in the big data processing and artificial intelligence capabilities of Australian companies, including use of Australian patient data to develop systems for Chinese hospitals.

While Chinese companies such as The Jangho Group, a Shanghai-based building supplies firm, “may have entirely legitimate intentions when they buy up assets in Australia”, Prof Hamilton noted that “Chinese citizens and companies are obliged to participate in “intelligence work” if asked to do so, even when abroad”.

“In addition, every major Chinese company has a Communist Party cell operating in it. The Party secretary often doubles as chair of the board.

“This is the reality of the “corporate-state conglomerate” in China under President Xi Jinping,” said Prof Hamilton.

Prof Hamilton acknowledged the potential economic benefits of “Chinese investment in Australia’s healthcare sector”, which include “bringing new funds, stimulating the export of expertise and helping expansion into the booming Chinese market”.

However, he warned that “these [economic benefits] must be balanced against the risks to national security”.

“The specific risk of giving Chinese companies direct access to Australian medical records is that China’s intelligence services could access those records for information on current or future political, military and public service leaders in order to blackmail them, as posited by Prime Minister Lee Hsien Loong in the aftermath of the SingHealth cyberattack: “I don’t know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me.”

“Some may have psychiatric conditions or be on mental health plans. They may have sexually transmitted diseases. Data on medications would be enough. Publication of such sensitive information could wreck careers and make those who have been compromised open to coercion,” Prof Hamilton further cautioned.

Notify of
Inline Feedbacks
View all comments
You May Also Like

New union of healthcare workers urges Hong Kong government to seal off border with China with industrial action threat

A report by the Hong Kong Free Press (HKFP) says that a…

Former President Dr Tony Tan appointed Director and Special Advisor of GIC

Singapore’s investment body, GIC announced on Tuesday (21 November) that former President…


前日,主管低薪工人事务的职总助理秘书长再纳,出席《海峡时报》举行的圆桌对话会,探讨在破坏式经济时代下,国内劳动阶级的薪资模式。 受邀出席的尚有巡回大使许通美教授、淡马锡控股主席林文兴、新加坡中小企业协会会长王崇健以及清洁公司Nimbus创办人之一汤信豪。 许通美在对话会上,捍卫最低薪资制,他指出目前政府推出的就业入息补贴(WIS)和渐进式薪资模式(PW)立意虽善,但是还不够完善,他们的补贴或给付并不多,仍不足以让劳工摆脱贫穷。 所以,他提出,如果政府把渐进式薪资模式作为落实最低薪资制的先行计划,有计划逐步落实在所有领域;或者政府愿意提升WIS的补贴给付,让劳工减轻负担,才能达到效果。 目前,渐进式薪资模式进落实在保安、园艺、清洁工和电梯维修领域,保障这四大领域劳工的基本薪资,未来薪资透过参与培训、绩效表现增长。 但吊诡的是,身为职总副秘书长、理应和劳工站在一起的再纳,对于许通美的建议,说了令人困惑的话:“这不在我的职权范围,教授。”(not within my pay grade, Prof.) 这句话的潜台词似乎是:“这是我老板考虑的事,我操哪门子心呢?”…

COVID-19: Defence Minister says Government will try to minimise retrenchments due to virus outbreak

On Friday (14 February), Singapore’s Defence Minister Ng Eng Hen assured the…