8/26/2021

One More Stupidity Has No Cure Incident?

 

Sensitive clinical information and confidential personal data and of at least 73,466 patients were stolen in a cyberattack on a branch clinic of the Eye & Retina Surgeons.

The illegal ransomware cyberattack was carried out by a sophisticated unknown party on 6 Aug 2021.

Investigation is being carried out to determine the root causes of the leakage.

The eye specialist stated in a press release today (25 August) that the affected data include patients' names, addresses, identity card numbers, contact details and and sensitive clinical information. No credit card or bank account information was accessed or compromised.

How so?

It affected servers and several computer terminals at the clinic's branch in Camden Medical centre in the Orchard Road area.

The IT system at the clinic's branch in Mount Elizabeth Novena Specialist Centre was not affected.

"To optimise data security, (Eye & Retina Surgeons) maintains segregated networks and active medical records are maintained separately on a cloud-based system and thus were not accessed or compromised," the clinic added.

None of the practice's clinical operations were affected, and its IT systems have been securely restored, it said.

The clinic stated that there has been no known release of sensitive data into the public domain to date, and that it will continue to monitor the situation closely.

"Patients are now being progressively informed of this cyber-incident," it added

The incident has been reported to the Police, the Personal Data Protection Commission and the Singapore Computer Emergency Response Team (SingCert).

Eye & Retina Surgeons said that its IT team has been working closely with the Cybersecurity Agency of Singapore and the Ministry of Health to investigate the root causes of the incident.

"All necessary measures to prevent a recurrence of this breach will be taken," said the clinic, adding that it was working with cybersecurity experts and authorities to identify any potential areas in its IT systems that can be further secured.

"(Eye & Retina Surgeons) regrets this breach and wishes to assure its patients that it takes patient confidentiality very seriously," the clinic said.

But actually not serious enough. Otherwise, such intrusion into its IT system would not have happened in the first place. After their data and information have been leaked, it is no use to talk about seriousness in safeguarding patients' confidentiality. It only rubs more salts into their wounds.

Why take 20 days to report the matter to the public?

After 20 days, still the root cause of the leakage has yet to be discovered? Why take so long? Are you really serious in finding out the root cause in order to prevent further attacks of such nature?

If the cyberattacks are considered as sophisticated, that means the clinic's IT System and IT staff are not sophisticated. Therefore, they need to be replaced with a better IT system and better IT manager.

Stupidity has no cure?

9 comments:

Anonymous said...


It's not surprising that Singapore has frequently suffered Cyber attacks because it is employing all the fake IT specialists from India. Who knows! they may be part of the problem? Selling data is lucrative big business.

Why are the IT and Computer graduates of Singapore universities being unemployed and jobless? Disgusting policy to marginalise own citizens. Time to seriously rectify the problem or face potential great disaster.

Singapore wake up especially the authorities or face economic debacle down the road to sink hole and death.

A very angry Singaporean blue citizen.

Angry in Bishan said...

We need better hospital administrators and IT managers who understand how to protect Singapore from hackers.

Anonymous said...

Legs open wide wide bringing in foreigners to guard your house is like paying foxes to guard your chicken coop.

Anonymous said...

Hahaha

Maybe they know the root cause, but they have to figure out who to blame. You know the usual suspects, or the usual bogeyman.

Anonymous said...

I always have that suspicion that computer viruses could be created by the same people who came out with anti virus software. They have the most to profit from it. What would normal people gain by wasting time creating computer viruses?

Dr Quack said...

Anon - This is different. Computer viruses were created to cause mischief so that a small group of socially isolated, disgruntled, self-hating insecure people could claim credit among one another. Hacking is more sophisticated. There is an ulterior motive to steal information for identity theft, ransomware, or just profile building for espionage against selected people. Donald Trump was blackmailed by Putin due to the pee tape where he participated in golden shower activities with Russian prostitutes before he became president.

Either way, we first need to identify the source of the persistent hacking. Figuring out how to deal with it only comes later.

Anonymous said...

Point taken. Creating computer viruses and hacking are two different preoccupations.

Anon 5.09

Anonymous said...

Anon 10.06 Selling data is lucrative big business.


Alamak! Name, address, i/c number and contact info is not big business lah. This kind of info you pay $10, you can get 1000 names dark web. What is big business is info which forms patterns of behavior.

Who the hell wants to know whether you got cock-eye or need glasses?

Intrigues Of High Society said...

Stupidity has no cure or water-face problem?

Sultanah Nur Zahirah filed the suit over a defamatory statement in the book The Sarawak Report – The Inside Story of the 1MDB Expose and is claiming general damages of RM100 million from each of the defendants.....

Four witnesses including the Sultanah of Terengganu Sultanah Nur Zahirah will testify in the defamation suit filed by the sultanah against Sarawak Report editor Clare Rewcastle-Brown and two others starting Dec 16 at the High Court in Kuala Lumpur.