Wednesday, July 25, 2018

Hacking into SingHealth Database

We have sketchy information about how the "sophisticated hacker" who is probably state sponsored, carried out the cyber attack.

Here are the information that were released:

a) 1.5 million records were accessed of patients who made visits during a certain period (about 5 years)

b) It seemed that the records of other patients who did not make a visit during this period were not accessed.

c) The DPM said that we have to review the connection to the internet.

d) The hacker got access to a front end terminal.

e) The data was extracted over a period of two weeks.

Based on this information, this is my quess on what had happened:

f) The hacker was able to get the login ID and password of the staff using the affected terminal.

g) There was a page that allows the staff to view the details of all the patients making a visit on a certain date or period and maybe for each hospital or all hospitals.

h) The hacker was able to use this page to patiently download the data of the patients who visited each hospital for each day.

If my guess is correct, then the vulnerability that could be prevented are:

i) All staff access should be through the intranet, rather than the internet.

I shall wait for the discussion in the Commission of Inquiry hearing to see if my guess is correct.

Tan Kin Lian

No comments:

Blog Archive