Singapore’s Most Serious Cyberattack

Singapore’s government health database was the target of a major cyberattack, and personal information of about 1.5 million people, including Prime Minister Lee Hsien Loong, was stolen on 20 July.

The attack on SingHealth, the largest group of healthcare institutions in Singapore, is deemed to be the most serious cyberattack on Singapore.

Background

The globalization of value chains, increased financial integration, rapid urbanization, the Internet of things and its ubiquity have all accelerated worldwide economic growth over the past few decades. Unfortunately, the same developments have also significantly increased our vulnerability to external shocks and global crisis. In most OECD (Organisation for Economic Co-operation and Development) countries, the digital economy has become the economy.

In an interconnected world, enterprises everywhere, from small business to the largest, are vulnerable to cyber-attacks. Criminals deliver spam, cast phishing attacks, facilitate click-frauds and launch distributed denial of service (DDoS) attacks with high precision. A thriving underground economy fuels the growth of innovative malwares, incentivizing cyberattacks.  

Cyber threats today go well beyond network security. They are asymmetric, continually evolving and becoming more sophisticated.  Cyber threats encompass external and internal intelligence such that IT managers in most instances are not equipped to handle such interdisciplinary threats and tend to inadvertently put organizations at a strategic disadvantage.

Within two decades, the global population that has access to the Internet drastically grew from only 4% to 40% of the world now. In 2017, there were 8.4 billion connected smart devices and the number is set to grow to 20.4 billion by 2020. At the same time, the increased use of digital technology also translated into great demand for cybersecurity products and services, with the global market for cybersecurity estimated to grow by nearly 15% annually to over US$1 trillion by 2021.

Read More about Cyber Security: The Broad Dilemma 

Analysis 

About 1.5 million patients who visited SingHealth's specialist outpatient clinics and polyclinics from May 1, 2015 to July 4, 2018 had their personal particulars illegally accessed and copied. The data stolen included name, NRIC (National Registration Identity Card) number, address, gender, race and date of birth. About 160,000 of these patients also had their outpatient prescriptions stolen.

“Investigations by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IhiS) confirmed that this was a deliberate, targeted and well-planned cyberattack,” a government statement said.

According to the CSA, attackers specifically and repeatedly targeted PM Lee's personal particulars and information on medicine that had been dispensed to him. However, healthcare services were not disrupted and patient care was not compromised during the attack. The Ministry of Communications has planned to set up a Committee of Inquiry whilst taking immediate action to strengthen government systems against cyber attacks.

The CSA has noted that it is not the action of casual hackers or criminal gangs. Initial investigations showed that one SingHealth workstation was infected with malware through which the hackers gained access to the data base, while expertly clearing their digital footprint in the process. The data theft happened between June 27 and July 4, 2018.

In 2017, hackers broke into a defence ministry database, stealing the information of some 850 army conscripts and ministry staff. The economic damage from cyberattacks on companies in Singapore amounted to $17.7 billion, with much of that loss caused by the impact on the wider ecosystem and leading to decreased consumer and enterprise spending, according to a 2017 Microsoft study.

The study also found that while cyberattacks such as ransomware have recently risen to prominence, it is actually fraudulent wire transfer, data corruption, online brand impersonation and data exfiltration (the ability to get data out from an organisation) that are most concerning for companies that have suffered attacks.

Singapore has overtaken nations including the U.S., Russia and China as the country launching the most cyber attacks globally, according to Israeli data security firm Check Point Software Technologies. Since Singapore is a key Southeast Asian technology hub, much of the traffic flowing through Singapore originates in other countries. Thus, a cyber attack recorded as coming from Singapore might have been launched elsewhere.

“Given Singapore’s connectivity, what happens globally is often immediately felt here. WannaCry similarly hit some businesses here, but the impact was not as widespread or disruptive as seen elsewhere,” said CSA’s Commissioner of Cybersecurity David Koh. He added that small and medium enterprises (SMEs) are especially vulnerable, as they often lack the resources or know-how to adopt appropriate cybersecurity practices.

Assessment

Our assessment is that the global connectivity of Singapore makes it vulnerable to cyberattacks, however, the government has the capacity to institute security mechanisms and regulations to eliminate threats. We believe that corporate boards ought to make the digital defence a top priority through systematic preventive measures. We feel that preparation to detect and respond to breaches is important.