The hacking of the SingHealth database and the theft of 1.5 million patient records was discovered on 20 July 2018.
Shortly after, SingHealth removed access to the database through the Internet. This was a precautionary measure taken to prevent further hacking.
It produced a negative consequence. The doctors need to access the database in the course of their daily work. The removal of the access through the Internet hampered their work.
Three months have already passed. The CEO of SingHealth told the commission of inquiry (COI) that the removal of internet access caused work to be delayed and many staff had to work extra hours.
I am surprised at the incompetence of the people in charge and the loss of productivity, which must lead to high operating cost. This must eventually be paid by the people who need the health services.
I wish to point out these issues:
a) Hundreds of thousands of websites and portals around the world allow access through the Internet. They seem to be able to manage their security without resorting to extreme measures.
b) It is possible to track unauthorized access and to act early to prevent the large-scale theft of data. Some data may be stolen through a hacked user credential, but early action can prevent more data from being stolen.
c) Some of the activities, such as booking of appointments, do not need to have access to the patient database. This can be facilitated.
d) The access by authorized users can be tracked so that each doctor is allowed a limited number of accesses to patient records for each day. Furthermore, it is possible to audit the access, i.e. that the doctor only accesses the records of his patients.
If the people in charge take the steps to implement the tracking of access by authorized users, it will prevent the large-scale theft of data. It will also allow the doctors to continue to access the database to facilitate their daily work.
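The tracking described in points b) and d) can be sketched as a small audit over an access log. This is an added example, not part of the original post or any SingHealth system; the log format, user names, patient IDs, assignment table and daily limit of 3 are all constructed assumptions.

```python
from collections import defaultdict

DAILY_LIMIT = 3  # assumed quota of distinct patient records per doctor per day

# Constructed assignment table: which patients each doctor is treating.
ASSIGNMENTS = {
    "dr_lee": {"P001", "P002", "P003"},
    "dr_tan": {"P010", "P011"},
}

# Constructed access log, one event per line: "<date> <user> <patient_id>".
LOG = """\
2018-07-20 dr_lee P001
2018-07-20 dr_lee P002
2018-07-20 dr_lee P001
2018-07-20 dr_lee P003
2018-07-20 dr_tan P010
2018-07-20 dr_tan P011
2018-07-20 dr_tan P001
2018-07-20 dr_tan P002
2018-07-21 dr_tan P010
"""


def audit(log_text, assignments, daily_limit):
    """Return alerts as (date, user, patient_id, reason) tuples, in log order."""
    seen = defaultdict(set)  # (date, user) -> distinct patients opened that day
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            # Never silently drop a line: a malformed entry is itself suspicious.
            alerts.append(("?", "?", line.strip(), "malformed_entry"))
            continue
        day, user, patient = parts
        # Audit rule: a doctor should only open records of assigned patients.
        if patient not in assignments.get(user, set()):
            alerts.append((day, user, patient, "not_assigned"))
        # Quota rule: count distinct records per user per day, alert once
        # at the first access that goes over the limit.
        opened = seen[(day, user)]
        if patient not in opened:
            opened.add(patient)
            if len(opened) == daily_limit + 1:
                alerts.append((day, user, patient, "daily_limit_exceeded"))
    return alerts


if __name__ == "__main__":
    for alert in audit(LOG, ASSIGNMENTS, DAILY_LIMIT):
        print(*alert)
```

Re-opening the same record does not consume quota, and the counter resets each day, so normal clinical work passes while a stolen credential used to read many records raises an alert on the same day.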
We are supposed to aspire to be a Smart Nation. There are many highly paid and highly qualified professionals working under this project. Surely, they will be able to come up with a solution? If not, can they go out and ask for help?
Tan Kin Lian