More Information about July 2018’s Singapore SingHealth Data Breach Revealed

Last July, we have reported the SingHealth Singapore’s massive data breach, in fact, the biggest security breach in the city-state’s history. The investigation continued for a quarter, with a shocking revelation that describes Singapore’s weakness when it comes to handling a post-hack scenario, the hesitation of reporting to authorities that something went wrong. People who first discovered a cybersecurity issue don’t want to get into the trouble and the pressure of being the whistleblower.

The log files of the incident have been recovered by authorities, revealing the weak implementation of the incident reporting protocols for Integrated Health Information Systems (IHiS), the vendor of the patient record system used by SingHealth. It took IHiS’ employee responsible for monitoring the health of the network and the system more than 48-hours to report a suspicious activity.

“My focus was on isolating, containing and defending. I was so busy with this that I did not escalate to management about the security incident,” explained Ernest Tan Choon Kiat, IHiS’ Senior Manager for Infra/Security Management.

Choon Kiat confessed to the fact-finding body that suspicious behaviors in the system were already apparent even way back June 2018. However, his hesitation of reporting the incident to the higher-up in the chain of command came from the anxiety of dealing with enormous pressure from management.

“I thought to myself: ‘If I report the matter, what do I get? If I report the matter, I will simply get more people chasing me for more updates. If they are chasing me for more updates, I need to be able to get more information to provide them,” added Choon Kiat, as Singapore Health Ministry is pressing for answers.

This admission is in direct confirmation of what Benjamin Lee, an engineer for IHiS has already said in a separate testimonial interview. “We really need to escalate into the incident… seems like someone managed to get into the SCM db already… attack is going on right now… attacker is already in our network,” explained Lee as recorded in a July 4 corporate chat.

IHiS employees are being subjected to revaluation and reassessment of their standard protocols, in order to promote a healthy atmosphere of ease of reporting an incident. With the common understanding of the risks against patients data, the enormous pressure of IT support professionals to do “damage control” is very reasonable time and cost.

No other than Singapore’s Prime Minister believes that the attackers stealing 1.5 million patients records from SingHealth was only the tip of the iceberg. “The attackers targeted my own medication data, specifically and repeatedly. I don’t know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret or at least something to embarrass me. If so, they would have been disappointed. My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it. When SingHealth digitized its medical records, they asked me whether to computerize my own personal records too or to keep mine in hardcopy for security reasons,” explained Lee Hsien Loong