Bad Cyber System Management Causes Data Breach at SingHealth

2019, Breaches, January

Who: SingHealth

# of Accounts Breached: 1.5 Million SingHealth patients

What was affected: Non-medical personal details of 1.5 million patients who visited SingHealth’s specialist outpatient clinics and polyclinics between May 1, 2015, and July 4, 2018, had been accessed and copied. The stolen data included patients’ name, national identification number, address, gender, race, and date of birth. Also, outpatient medical data of some 160,000 patients were compromised

When it happened: Between May 1, 2015, and July 4, 2018

How it happened: The hackers had exploited a vulnerability in the network connectivity between Citrix servers located at a general public hospital and a database to make queries to the database. This connectivity had been maintained to support the use of administrative tools and custom applications, which the committee found to be unnecessary.

Outcome: Two employees have been sacked and five senior management executives, including the CEO, were fined for their role in Singapore’s most grave security breach, which compromised personal data of 1.5 million SingHealth patients. Further enhancements will also be made to beef up the organization’s cyber defense, so that it is in line with recommendations dished out by the committee following its review of the events leading up to the breach, according to Integrated Health Information Systems (IHIS).