SingHealth

SingHealth
Named after Singapore Health Services
Formation April 1, 2000 (2000-04-01)
Services healthcare
Owner government
Key people
 Ivy Lim Swee Lian (Group CEO)
Parent organization
 MOH Holdings Pte. Ltd.
Subsidiaries Singapore General Hospital, Changi General Hospital, KK Women's and Children's Hospital, Sengkang General Hospital, National Cancer Centre Singapore, National Heart Centre Singapore, Singapore National Eye Centre, National Dental Centre Singapore and the National Neuroscience Institute
Website www.singhealth.com.sg

SingHealth is Singapore's largest group of healthcare institutions. The group was formed in 2000 and consists of four public hospitals, five national specialty centres and a network of nine polyclinics. The group operates Singapore General Hospital, Changi General Hospital, KK Women's and Children's Hospital and Sengkang General Hospital. The group also runs five national specialty centres which include National Cancer Centre Singapore, National Heart Centre Singapore, Singapore National Eye Centre, National Dental Centre Singapore and the National Neuroscience Institute.

On 3 November 2009, Singapore General Hospital and SingHealth Group launched the inaugural issue of Singapore Health – a newspaper reporting on health-related matters affecting Singaporeans.[1]

On 20 January 2017, SingHealth announced it will be merging with Eastern Health Alliance, essentially bringing back Changi General Hospital into the SingHealth cluster.

Data breach incident

Between 27 June and 4 July 2018, the personal particulars of 1.5 million SingHealth patients, and records of outpatient dispensed medicines for 160,000 of those patients, were stolen in a cyberattack. The names, NRIC numbers, addresses, dates of birth and race and gender information of patients who visited specialist outpatient clinics and polyclinics between 1 May 2015 and 4 July 2018 were maliciously accessed and copied. Information relating to patient diagnosis, test results and doctors' notes were unaffected.[2] Information on Prime Minister Lee Hsien Loong was specifically targeted.[3]

Discovery and investigation

The database administrators for the Integrated Health Information Systems (IHIS), the public healthcare IT provider, detected unusual activity on one of SingHealth’s IT databases on 4 July, and implemented precautions against further intrusions. Network traffic monitoring was enhanced; additional malicious activity was detected after 4 July, but did not result in the theft of any data.[4] Having ascertained that a cyberattack occurred, administrators notified the ministries and involved the Cyber Security Agency (CSA) on 10 July to carry out forensic investigations. The agency determined that perpetrators gained privileged access to the IT network by compromising a front-end workstation, and obtained login credentials to assess the database, while hiding their digital footprints.[4] News of the attack was made public in a statement released by the Ministry of Communications and Information and Ministry of Health on 20 July.[3] The ten-day delay between the discovery of the attack and the public announcement was attributed to time needed to fortify the IT systems, conduct preliminary investigations, identify affected patients and prepare the logistics of the announcement.[5] Text messages were subsequently sent to patients whose data was affected.[4]

In Parliament, S. Iswaran, Minister for Communications and Information, attributed the attack to sophisticated state-linked actors who wrote customized malware to circumvent SingHealth's antivirus and security tools. Iswaran did not name any state, in the interest of national security.[6]

A Committee of Inquiry was convened to investigate the causes of the attack and identify measures to help prevent similar attacks. The four-member committee is chaired by former chief district judge Richard Magnus, and comprise leaders of a cyber-security firm, a healthcare technology firm and the National Trades Union Congress respectively. The committee called on the Attorney-General's Chambers to lead evidence, and the Attorney-General's Chambers appointed the Cyber Security Agency to lead the investigations with the support of the Criminal Investigation Department. The committee will hold closed-door and public hearings from 28 August, and will receive public submissions.[7]

Aftermath

Following the cyberattack, Internet access was temporarily removed from all public healthcare IT terminals with access to the healthcare network, and additional system monitoring and controls were implemented.[8]

The attack led to a two-week pause in Singapore's Smart Nation initiatives and a review of the public sector's cyber-security policies during that time. The review resulted in implementation of additional security measures, and urged public sector administrators to remove Internet access where possible and to use secure information exchange gateways otherwise.[9] The attack also renewed concerns among some healthcare practitioners regarding ongoing efforts to centralize electronic patient data in Singapore. Plans to pass laws in late 2018 making it compulsory for healthcare providers to submit data regarding patient visits and diagnoses to the National Electronic Health Record system were postponed.[10]

See also

References

  1. "SGH and SingHealth launch Singapore's first bilingual health newspaper, Singapore Health - Singapore General Hospital". www.sgh.com.sg. Archived from the original on 2018-09-26. Retrieved 2017-07-09.
  2. "Personal info of 1.5m SingHealth patients, including PM Lee, stolen in Singapore's worst cyber attack". 2018-07-20. Archived from the original on 2018-08-22. Retrieved 2018-10-02.
  3. 1 2 Kwang, Kevin (2018-07-20). "Singapore health system hit by 'most serious breach of personal data' in cyberattack; PM Lee's data targeted". Channel NewsAsia. Archived from the original on 2018-07-26.
  4. 1 2 3 "Hackers stole data of PM Lee and 1.5 million patients in 'major cyberattack' on SingHealth". TODAYonline. 20 July 2018. Archived from the original on 2018-07-21. Retrieved 2018-10-02.
  5. Baharudin, Hariz (2018-08-07). "Ministers' answers". The Straits Times. Archived from the original on 2018-08-17. Retrieved 2018-08-16.
  6. "Singapore Minister: Major Cyberattack May Be State-Linked". The Associated Press. 2018-08-06. Archived from the original on 2018-08-17. Retrieved 2018-08-16.
  7. Baharudin, Hariz (2018-08-08). "COI hearings on SingHealth cyber attack from Aug 28". The Straits Times. Archived from the original on 2018-08-17. Retrieved 2018-08-16.
  8. "SingHealth cyberattack: Internet surfing delinked at all public healthcare clusters". Channel NewsAsia. Archived from the original on 2018-08-17. Retrieved 2018-08-16.
  9. Tham, Irene (2018-08-03). "SingHealth cyber attack: Pause on Smart Nation projects lifted; 11 critical sectors told to review untrusted external connections". The Straits Times. Archived from the original on 2018-08-17. Retrieved 2018-08-16.
  10. Wong, Pei Ting (2018-07-23). "Doctors raise concerns again over national e-records system after data breach at SingHealth". TODAYonline. Archived from the original on 2018-08-17. Retrieved 2018-08-16.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.