Sensitive
clinical information and confidential personal data and of at least
73,466 patients were stolen in a cyberattack on a branch clinic of the
Eye & Retina Surgeons.
The illegal ransomware cyberattack was carried out by a sophisticated unknown party on 6 Aug 2021.
Investigation is being carried out to determine the root causes of the leakage.
The
eye specialist stated in a press release today (25 August) that the
affected data include patients' names, addresses, identity card numbers,
contact details and and sensitive clinical information. No credit card
or bank account information was accessed or compromised.
How so?
It affected servers and several computer terminals at the clinic's branch in Camden Medical centre in the Orchard Road area.
The IT system at the clinic's branch in Mount Elizabeth Novena Specialist Centre was not affected.
"To
optimise data security, (Eye & Retina Surgeons) maintains
segregated networks and active medical records are maintained separately
on a cloud-based system and thus were not accessed or compromised," the
clinic added.
None of the practice's clinical operations were affected, and its IT systems have been securely restored, it said.
The
clinic stated that there has been no known release of sensitive data
into the public domain to date, and that it will continue to monitor the
situation closely.
"Patients are now being progressively informed of this cyber-incident," it added
The
incident has been reported to the Police, the Personal Data Protection
Commission and the Singapore Computer Emergency Response Team
(SingCert).
Eye & Retina Surgeons said that its IT team has
been working closely with the Cybersecurity Agency of Singapore and the
Ministry of Health to investigate the root causes of the incident.
"All
necessary measures to prevent a recurrence of this breach will be
taken," said the clinic, adding that it was working with cybersecurity
experts and authorities to identify any potential areas in its IT
systems that can be further secured.
"(Eye & Retina Surgeons)
regrets this breach and wishes to assure its patients that it takes
patient confidentiality very seriously," the clinic said.
But
actually not serious enough. Otherwise, such intrusion into its IT
system would not have happened in the first place. After their data and
information have been leaked, it is no use to talk about seriousness in
safeguarding patients' confidentiality. It only rubs more salts into
their wounds.
Why take 20 days to report the matter to the public?
After
20 days, still the root cause of the leakage has yet to be discovered?
Why take so long? Are you really serious in finding out the root cause
in order to prevent further attacks of such nature?
If the
cyberattacks are considered as sophisticated, that means the clinic's IT
System and IT staff are not sophisticated. Therefore, they need to be
replaced with a better IT system and better IT manager.
Stupidity has no cure?
ReplyDeleteIt's not surprising that Singapore has frequently suffered Cyber attacks because it is employing all the fake IT specialists from India. Who knows! they may be part of the problem? Selling data is lucrative big business.
Why are the IT and Computer graduates of Singapore universities being unemployed and jobless? Disgusting policy to marginalise own citizens. Time to seriously rectify the problem or face potential great disaster.
Singapore wake up especially the authorities or face economic debacle down the road to sink hole and death.
A very angry Singaporean blue citizen.
We need better hospital administrators and IT managers who understand how to protect Singapore from hackers.
ReplyDeleteLegs open wide wide bringing in foreigners to guard your house is like paying foxes to guard your chicken coop.
ReplyDeleteHahaha
ReplyDeleteMaybe they know the root cause, but they have to figure out who to blame. You know the usual suspects, or the usual bogeyman.
I always have that suspicion that computer viruses could be created by the same people who came out with anti virus software. They have the most to profit from it. What would normal people gain by wasting time creating computer viruses?
ReplyDeleteAnon - This is different. Computer viruses were created to cause mischief so that a small group of socially isolated, disgruntled, self-hating insecure people could claim credit among one another. Hacking is more sophisticated. There is an ulterior motive to steal information for identity theft, ransomware, or just profile building for espionage against selected people. Donald Trump was blackmailed by Putin due to the pee tape where he participated in golden shower activities with Russian prostitutes before he became president.
ReplyDeleteEither way, we first need to identify the source of the persistent hacking. Figuring out how to deal with it only comes later.
Point taken. Creating computer viruses and hacking are two different preoccupations.
ReplyDeleteAnon 5.09
Anon 10.06 Selling data is lucrative big business.
ReplyDeleteAlamak! Name, address, i/c number and contact info is not big business lah. This kind of info you pay $10, you can get 1000 names dark web. What is big business is info which forms patterns of behavior.
Who the hell wants to know whether you got cock-eye or need glasses?
Stupidity has no cure or water-face problem?
ReplyDeleteSultanah Nur Zahirah filed the suit over a defamatory statement in the book The Sarawak Report – The Inside Story of the 1MDB Expose and is claiming general damages of RM100 million from each of the defendants.....
Four witnesses including the Sultanah of Terengganu Sultanah Nur Zahirah will testify in the defamation suit filed by the sultanah against Sarawak Report editor Clare Rewcastle-Brown and two others starting Dec 16 at the High Court in Kuala Lumpur.