2018 SingHealth data breach

The 2018 SingHealth data breach was a data breach

2018 SingHealth data breach
incident initiated by unidentified state actors, which
happened between 27 June and 4 July 2018. During Date 27 June to 4 July 2018
that period, personal particulars of 1.5 million Duration 8 days
SingHealth patients and records of outpatient
Location Singapore
dispensed medicines belonging to 160,000 patients
were stolen. Names, National Registration Identity Type Advanced persistent threat

Card (NRIC) numbers, addresses, dates of birth, race, Cause Inadequate training of staff, slow
and gender of patients who visited specialist outpatient fixing of vulnerabilities
clinics and polyclinics between 1 May 2015 and 4 July Participants Unidentified state actors
2018 were maliciously accessed and copied.
Information relating to patient diagnosis, test results and doctors' notes were unaffected.[1][2] Information
on Prime Minister Lee Hsien Loong was specifically targeted.[3]

Discovery
The database administrators for the Integrated Health Information Systems (IHIS), the public healthcare
IT provider, detected unusual activity on one of SingHealth's IT databases on 4 July, and implemented
precautions against further intrusions. Network traffic monitoring was enhanced; additional malicious
activity was detected after 4 July, but did not result in the theft of any data.[4] Having ascertained that a
cyberattack occurred, administrators notified the ministries and brought in the Cyber Security Agency
(CSA) on 10 July to carry out forensic investigations. The agency determined that perpetrators gained
privileged access to the IT network by compromising a front-end workstation, and obtained login
credentials to access the database, while hiding their digital footprints.[4] The attack was made public in a
statement released by the Ministry of Communications and Information and Ministry of Health on 20
July.[3][5] The ten-day delay between the discovery of the attack and the public announcement was
attributed to time needed to fortify the IT systems, conduct preliminary investigations, identify affected
patients and prepare the logistics of the announcement.[6] Text messages were subsequently sent to
patients whose data was affected.[4]

Investigation
On 6 August 2018 in Parliament, S. Iswaran, Minister for Communications and Information, attributed
the attack to sophisticated state-linked actors who wrote customized malware to circumvent SingHealth's
antivirus and security tools. Iswaran did not name any state in the interest of national security.[7]

A Committee of Inquiry was convened on 24 July 2018 to investigate the causes of the attack and identify
measures to help prevent similar attacks. The four-member committee is chaired by former chief district
judge Richard Magnus, and comprise leaders of a cyber-security firm, a healthcare technology firm and
the National Trades Union Congress respectively.[8] The committee called on the Attorney-General's
Chambers to lead evidence, and the Attorney-General's Chambers appointed the Cyber Security Agency
to lead the investigations with the support of the Criminal Investigation Department. The committee held
closed-door and public hearings from 28 August,[9] with another tranche of hearings from 21 September
to 5 October.[10][11][12] In addition, the Personal Data Protection Commission investigated into possible
breaches of the Personal Data Protection Act in protecting data and hence determine possible action.[13]

Committee of Inquiry hearings

The Committee of Inquiry hearings began on 21 September 2018. In the first hearing, Solicitor-General
Kwek Mean Luck said that a series of staff missteps and gaps in the system contributed to the breach.
Some examples mentioned are the EMR system, which was in place since 1999. In addition, it was
mentioned that the cyberattacker behind the incident started infecting workstations as early as August
2017 using a hacking tool. The version of Microsoft Outlook being used did not have a patch that
prevents attacks by that hacking tool. Between December 2017 and May 2018, the cyberattacker moved
sideways and gained access to a workstation to infect other computers with malware. Other inadequacies
identified include not being able to identify multiple failed attempts to log into the system, which was
done with non-existent accounts or accounts that do not have much privileges in the system. Eventually,
the cyberattacker successfully gained entry through a coding vulnerability on 26 June, and hence sent
SQL queries until 4 July when it was stopped by an administrator. In addition, there were three periods
where staff failed to respond or responded after a few days when knowledge of the cyberattack was first
known. On the same day, two staff members said that while a framework was in place to report
cyberattacks, there is insufficient training on what to do, hence it was unclear to staff about what actions
should be taken.[14][15][16]

At the next hearing on 24 September, it was revealed that Prime Minister Lee Hsien Loong's personal
data and outpatient records along with two other unnamed people were searched by hackers who
infiltrated into the servers using NRIC numbers. The rest of the queries were generally done on patient
demographic data, like one that involved the first 20,000 records of such data from Singapore General
Hospital. An assistant lead analyst who detected unusual activity investigated further even through that
was not his scope, and sent alerts to different divisions to find the staff who can make sense of those
queries. The analyst's supervisor told the analyst to continue monitoring the situation and that he assumed
there was no medical data until being informed that there was such a leak. As the analyst informed a
reporting officer, there was no point in reporting the query himself, asking the analyst to follow up on the
queries. Details about reporting procedures and containment measures were mentioned.[17][18]

On the third day, a cybersecurity employee at IHiS, who was on holiday when the incident happened, did
not follow up after having read the emails as it was thought to have been collection of data from
workstations for investigation. In addition, only one computer at IHiS was used to carry out forensic
examinations, resulting in delays diagnosing the issue.[19] This is confirmed by the fourth day of the trial,
where failings of judgement and organisational processes are exposed. For instance, meetings with the
security management department were not conducted regularly, and no framework was created to set out
appropriate responses to cybersecurity risks or to appoint covering officers if any staff go on leave. A
clarification on processes was provided, where a standard operating procedure to escalate incidents was
approved by the management in March 2018. It was also revealed the same day that staffers took six
more days after 4 July to confirm the data breach as an IHiS employee mistakenly informed colleagues
that no data was stolen, only confirmed after further tests are run by the superior finding that data was
stolen. The queries were later recreated.[20][21][22]

It was also revealed on the fifth day that a server exploited by hackers did not receive security updates in
more than a year since May 2017 due to the WannaCry ransomware attacks, compared to the normal
duration where patches were done several times a month. Besides that, the computer's anti-virus software
was too old and need to be reinstalled. The manager was not supposed to manage the server on paper, but
in practice, was given the role in 2014 as the server was located at the National Cancer Centre Singapore,
thereby being convenient for staff members to approach him in case help was needed. Once the
counterparts resigned, there was no one at IHiS present to take over managing the server. Also, the IHiS
director was not aware that the server was not managed by the firm in practice, only giving a directive in
2014 that IHiS will not manage research servers.[23][24] The next day, a security loophole that was not
plugged was scruntised. Even though the loophole was flagged by an IHiS employee, there was no action
taken. In fact, the employee was dismissed after sending details of the flaw to a rival company.[25][26][27]

Towards the end of the second tranche of hearings on 5 October, it was revealed a second attempt to hack
into the servers was done on 19 July via another server. This was stopped immediately as soon as it
began. In addition, malware used was customised for the system and evaded detection from top anti-virus
software. A tool called PowerShell was used in the process, being disabled on 13 July. Meanwhile, IHiS
stepped up security with changing passwords, removing compromised accounts and rebooting
servers.[28][29]

The third tranche of hearings started on 31 October. Evidence was shown that managers were reluctant to
report the incidents as that would mean an increased amount of work, thereby creating a bottleneck.
Meanwhile, the chief information officer told the team to escalate the incident, saying a bottleneck is not
acceptable, adding that there was no written protocol on how to report SingHealth-related cybersecurity
incidents should IHiS staff discover any incident. Another pointed out that annual cybersecurity exercises
are mandated for critical information infrastructure (CII) operators, so staff should be able to identify
advanced persistent threats (APTs). However, these tests were for classroom settings and may not
necessarily apply to the SingHealth case, thus defeating the purpose of these exercises if situational
awareness was not there. There were also plans for secure Internet browsing in the healthcare sector by
2018, but it had to be delayed by a year due to technical issues.[30][31][32]

The following day, a 2016 audit that found systemic weaknesses in the network link between Singapore
General Hospital and cloud-based systems was brought up, showing more inadequacies in the systems
managed by IHiS. The incident was reported by the operations team as "plugged" to the management
without anyone verifying that works to fix these vulnerabilities were done. The Cyber Security Agency
also found similar vulnerabilities in its investigation. Due to this, there will be "three lines of defence",
where compliance checks are performed by the operations team, technology team and internal audit team,
and training will be stepped up in IHiS so that early detection of attacks are ensured.[33] As pointed out
the next day that even if the weaknesses were found, they may not be fixed as quickly as expected as
public healthcare institutions operate around the clock resulting in little downtime.[34]

Later in the hearings, SingHealth executives said that they will enhance cyber safety awareness for all
employees, as well as roll out new systems to capture patients' data rigorously. It will also allow patients
to update their particulars instead of only doing it over the counter. More townhalls will be held to update
employees about the latest cyber threats, with log-in messages strengthened to hone the importance of
data protection. Storytelling formats will also be used to explain these concepts.[35][36] More cyber
security exercises simulating data breaches were called for in a subsequent hearing, with these allowing
professionals to be more familiar with what to do in case a similar incident happens again. In addition, the
expert recommended all data within the system to be encrypted including inactive data. As full encryption
would be unfeasible due to operational concerns, personal data could be anonymised instead with 2-factor
authentication to de-anonymise it. That same hearing, it was updated that many of the written
submissions were found to be useful.[37]

Towards the final hearings, a former National Security Agency director suggested having the Government
and industry partners work together and share information to learn and update each other about new
threats that pop up. That is so as current protection measures are insufficient against ever evolving
vulnerabilities. In the same hearing, the Ministry of Health's chief data advisor pointed out that Internet
separation resulted in longer wait times for patients, declined productivity, increased staff fatigue and new
cyber risks, especially when anti-virus software updates are done only on some computers instead of all
within the network. Hence, to continue ISS, these factors would need to be considered.[38][39] The next
day, a security expert recommended having a centralised incident management and tracking system that
logs all incidents that occur during a breach to reduce miscommunication, which is one of the causes for
delayed reporting. In addition, the usage of different chat platforms meant that crucial details about the
attack were lost and hence there was not many linkages to the incident.[40]

On the final day, Cyber Security Agency chief David Koh suggested changing the way IT staff in the
healthcare sector report incidents so that faster response can be ensured during a cyberattack, along with a
review of the sector's IT processes and staff training carried out. It was also suggested that cybersecurity
processes be considered as a key instead of it merely existing as an afterthought. The hearings thus
concluded on 14 November 2018.[41][42][43]

The closing submissions were held on 30 November 2018. Proposals to improve cybersecurity were
shared, including the "assume breach" mindset in organisations thus taking necessary measures, having
the right people and processes to complement those measures. It was also pointed out that administrator
passwords are supposed to be 15 characters long, but one had a problematic password of eight characters
which was unchanged since 2012. Lastly, even if measures were put in place to slow down cyberattacks,
it is important to note that the attack was done via an advanced persistent threat (APT).[44][45]
Subsequently, the report was submitted to S. Iswaran on 31 December 2018 with the public version
released on 10 January 2019.[46][47]

Release of report
On 10 January 2019, the Committee of Inquiry released a report on the SingHealth breach. The report
found that staff are inadequately trained in cybersecurity, thus they are unable to stop the attacks. The key
staff did not take immediate action to stop the attacks fearing pressure. To make things worse,
vulnerabilities in the network and systems are not patched quickly, coupled with the fact that the attackers
are well-skilled. As a result, the attackers found it easy to break in. The report did point that if the staff
had been adequately trained and vulnerabilities fixed quickly, this attack could have been averted. The
report also found that this is the work of an Advanced Persistent Threat group.[48]

In the same report, the Committee of Inquiry made 16 recommendations to boost cybersecurity, separated
into priority and additional recommendations.[49] They are:
 Priority:
Adopting an enhanced security structure and readiness by IHiS and public health
institutions
Review online security processes to assess ability to defend and respond to
cyberattacks
Improving staff awareness on cyberattacks
Perform enhanced security checks, especially on critical information infrastructure (CII)
systems
Subject privileged administrator accounts to tighter control and greater monitoring
Improve incident response processes
Forge partnerships between industries and the Government to achieve higher
cybersecurity
Additional:
IT security risk assessments and audits must be treated seriously and carried out
regularly
Enhanced safeguards must be put in place to protect confidentiality of electronic medical
records
Improve domain security against attacks
Implement a robust patch management process
Implement a software upgrade policy with a focus on cybersecurity
Implement an Internet access strategy that limits exposure to external threats
Clearer guidelines on when and how to respond to cybersecurity incidents
Improve competence of computer security incident response personnel
Consider a post-breach independent forensic review of the network
On 15 January 2019, S. Iswaran, Minister for Communications and Information announced in Parliament
that the Government accepted the recommendations of the report and will fully adopt them. It has also
sped up the implementation of the Cybersecurity Act to increase security of CIIs.[50] Separately, Gan Kim
Yong, Minister for Health announced that changes to enhance governance and operations in Singapore's
healthcare institutions and IHiS will be made. The dual role of Ministry of Health's chief information
security officer (MOH CISO) and the director of cybersecurity governance at IHiS will be separated,
where the MOH CISO has a dedicated office and reports to the Permanent Secretary of MOH, while IHiS
will have a separate director in charge of cybersecurity governance, with changes at the cluster level. This
will help boost operations and governance of the IT systems. In addition, MOH will establish an
enhanced "Three Lines of Defence" system for public healthcare, and pilot a "Virtual Browser" for the
National University Health System. All public healthcare staff will remain on Internet Surfing Separation,
which was implemented immediately after the cyberattack, and the mandatory contribution of patient
medical data to the National Electronic Health Record (NEHR) system will continue to be deferred.[51]

Aftermath
Following the cyberattack, Internet access was temporarily removed from all public healthcare IT
terminals with access to the healthcare network, and additional system monitoring and controls were
implemented.[52]
The attack led to a two-week pause in Singapore's Smart Nation initiatives and a review of the public
sector's cyber-security policies during that time. The review resulted in implementation of additional
security measures, and urged public sector administrators to remove Internet access where possible and to
use secure Information Exchange Gateways otherwise.[53] The attack also renewed concerns among some
healthcare practitioners regarding ongoing efforts to centralize electronic patient data in Singapore. Plans
to pass laws in late 2018 making it compulsory for healthcare providers to submit data regarding patient
visits and diagnoses to the National Electronic Health Record system were postponed.[54] In addition, the
Ministry of Health announced on 6 August 2018 that the National Electrical Health Record (NEHR) will
be reviewed by an independent group made up of Cyber Security Agency and PricewaterhouseCoopers
before asking doctors to submit all records to the NEHR, even though it was not affected by the
cyberattack.[55]

On 24 July 2018, the Monetary Authority of Singapore told banks in Singapore to tighten customer
verification processes in case leaked data was used to impersonate customers, with additional information
requested. Banks are also told to conduct risk assessments and mitigate risks from misuse of
information.[56][57][58]

IHiS has since strengthened public health systems against data breaches. All suspicious IT incidents will
have to be reported within 24 hours. 18 other measures are also put in place, including two-factor
authentication for all administrators, proactive threat hunting and intelligence, allowing only computers
with latest security updates on hospital networks, and a new database activity monitoring. Studies are
done to keep Internet Separation Scheme (ISS) permanent in some parts of the healthcare system with a
virtual browser being piloted as an alternative.[59][60]

After the report was released, on 16 January 2019, IHiS dismissed two employees and demoted one for
being negligent in handling and misunderstanding the attack respectively, with financial penalties
imposed on two middle management supervisors, and five members of the senior management including
CEO Bruce Liang. Three employees were commended by IHiS for handling the incident diligently even
when not part of their job scope. IHiS has since fast-tracked a suite of 18 measures for enhancing
cybersecurity.[61][62] The next day, the Personal Data Protection Commission fined IHiS $750,000 and
SingHealth $250,000 for not doing enough to safeguard personal data under the Personal Data Protection
Act, making it the largest fine imposed for data breaches.[63]

Subsequently, on 6 March 2019, cybersecurity company Symantec identified a state-sponsored group,

known as Whitefly, behind the cyberattack. Although the country is not identified, that group has been
found to be behind several related cyberattacks against Singapore-based entities since 2017.[64][65]

References
1. Tham, Irene (20 July 2018). "Personal info of 1.5m SingHealth patients, including PM Lee,
stolen in Singapore's worst cyber attack" (https://www.straitstimes.com/singapore/personal-i
nfo-of-15m-singhealth-patients-including-pm-lee-stolen-in-singapores-most). The Straits
Times. Archived (https://web.archive.org/web/20180822080833/https://www.straitstimes.co
m/singapore/personal-info-of-15m-singhealth-patients-including-pm-lee-stolen-in-singapores
-most) from the original on 22 August 2018. Retrieved 2 October 2018.
2. "SingHealth's IT System Target of Cyberattack" (https://www.moh.gov.sg/news-highlights/det
ails/singhealth's-it-system-target-of-cyberattack). MOH, MCI. 20 July 2018. Retrieved
13 August 2022.
 3. Kwang, Kevin (20 July 2018). "Singapore health system hit by 'most serious breach of
personal data' in cyberattack; PM Lee's data targeted" (https://www.channelnewsasia.com/n
ews/singapore/singhealth-health-system-hit-serious-cyberattack-pm-lee-target-10548318).
Channel NewsAsia. Archived (https://web.archive.org/web/20180726060044/https://www.ch
annelnewsasia.com/news/singapore/singhealth-health-system-hit-serious-cyberattack-pm-le
e-target-10548318) from the original on 26 July 2018.
4. "Hackers stole data of PM Lee and 1.5 million patients in 'major cyberattack' on SingHealth"
(https://www.todayonline.com/singapore/hackers-stole-medical-data-pm-lee-and-15-million-
patients-major-cyber-attack-singhealth). TODAYonline. 20 July 2018. Archived (https://web.a
rchive.org/web/20180721121130/https://www.todayonline.com/singapore/hackers-stole-med
ical-data-pm-lee-and-15-million-patients-major-cyber-attack-singhealth) from the original on
21 July 2018. Retrieved 2 October 2018.
5. Tham, Irene (20 July 2018). "Personal info of 1.5m SingHealth patients, including PM Lee,
stolen in Singapore's worst cyber attack" (https://www.straitstimes.com/singapore/personal-i
nfo-of-15m-singhealth-patients-including-pm-lee-stolen-in-singapores-most). The Straits
Times. Retrieved 3 September 2019.
6. Baharudin, Hariz (7 August 2018). "Ministers' answers" (https://www.straitstimes.com/singap
ore/ministers-answers). The Straits Times. Archived (https://web.archive.org/web/20180817
023234/https://www.straitstimes.com/singapore/ministers-answers) from the original on 17
August 2018. Retrieved 16 August 2018.
7. "Singapore Minister: Major Cyberattack May Be State-Linked" (https://www.nytimes.com/apo
nline/2018/08/06/world/asia/ap-as-singapore-cyberattack.html). Associated Press. 6 August
2018. Archived (https://web.archive.org/web/20180817023254/https://www.nytimes.com/apo
nline/2018/08/06/world/asia/ap-as-singapore-cyberattack.html) from the original on 17
August 2018. Retrieved 16 August 2018.
8. Tham, Irene (24 July 2018). "4-member Committee of Inquiry convened to investigate
SingHealth cyber attack" (https://www.straitstimes.com/singapore/four-member-committee-o
f-inquiry-convened-to-investigate-singhealth-cyber-attack). The Straits Times. Retrieved
20 January 2020.
9. Baharudin, Hariz (8 August 2018). "COI hearings on SingHealth cyber attack from Aug 28"
(https://www.straitstimes.com/singapore/coi-hearings-on-singhealth-cyber-attack-from-aug-2
8). The Straits Times. Archived (https://web.archive.org/web/20180817023337/https://www.s
traitstimes.com/singapore/coi-hearings-on-singhealth-cyber-attack-from-aug-28) from the
original on 17 August 2018. Retrieved 16 August 2018.
10. Tham, Irene (12 September 2018). "Hearings on SingHealth cyber breach from Sept 21" (htt
ps://www.straitstimes.com/singapore/hearings-on-singhealth-cyber-breach-from-sept-21).
The Straits Times. Retrieved 22 January 2020.
11. Wong, Pei Ting (11 September 2018). "SingHealth cyber attack hearings resume Sept 21;
inquiry committee seeks recommendations from the public" (https://www.todayonline.com/si
ngapore/singhealth-cyber-attack-hearings-resume-sept-21-inquiry-committee-seeks-recom
mendations). Today. Retrieved 22 January 2020.
12. "Schedule of Public Hearing Convened by COI into the Cyber Attack on SingHealth" (https://
www.mci.gov.sg/pressroom/news-and-stories/pressroom/2018/9/schedule-of-public-hearing-
convened-by-coi-into-the-cyber-attack-on-singhealth). Ministry of Communications and
Information. 20 September 2018. Retrieved 22 January 2020.
13. Tham, Irene (24 July 2018). "Singapore's privacy watchdog to investigate SingHealth data
breach" (https://www.straitstimes.com/singapore/singapores-privacy-watchdog-to-investigat
e-singhealth-data-breach). The Straits Times. Retrieved 20 January 2020.
14. Kwang, Kevin (21 September 2018). "COI for SingHealth cyberattack: IT gaps, staff
missteps contributed to incident, says Solicitor-General" (https://www.channelnewsasia.com/
news/singapore/singhealth-cyberattack-committee-inquiry-staff-hack-10744182). Channel
NewsAsia. Retrieved 2 July 2021.
15. Tham, Irene; Baharudin, Hariz (21 September 2018). "COI on SingHealth cyber attack: Lack
of awareness, tardy response contributed to incident, says Solicitor-General" (https://www.st
raitstimes.com/singapore/first-public-hearing-on-singhealths-cyber-attack-kicks-off). The
Straits Times. Retrieved 2 July 2021.
16. Chua, Alfred (22 September 2018). "SingHealth cyber attack: Not all IHiS employees aware
of what to do in a cyber-security incident" (https://www.todayonline.com/singapore/singhealt
h-cyber-attack-not-all-ihis-employees-aware-what-do-cyber-security-incident). Today.
Retrieved 2 July 2021.
17. Tan, Tam Mei; Lai, Linette (24 September 2018). "COI on SingHealth cyber attack: Hackers
searched for PM Lee's records using his NRIC number" (https://www.straitstimes.com/singa
pore/coi-on-singhealth-cyber-attack-hackers-searched-for-pm-lees-records-using-his-nric-nu
mber). The Straits Times. Retrieved 2 July 2021.
18. Chia, Lianne (25 September 2018). "COI for SingHealth cyberattacks: Officer took initiative
to investigate even though it was not his job" (https://www.channelnewsasia.com/news/singa
pore/coi-singhealth-cyberattacks-officer-took-initiative-not-his-job-10753282). Channel
NewsAsia. Retrieved 2 July 2021.
19. Tham, Irene (25 September 2018). "COI on SingHealth cyber attack: Alarm bells did not ring
for key cyber-security employee despite suspicious activity" (https://www.straitstimes.com/si
ngapore/coi-on-singhealth-cyber-attack-alarm-bells-did-not-ring-for-key-cyber-security-empl
oyee). The Straits Times. Retrieved 2 July 2021.
20. Tham, Irene (26 September 2018). "COI on SingHealth cyber attack: Failings in judgment,
organisation exposed" (https://www.straitstimes.com/singapore/failings-in-judgement-organi
sation-exposed-as-cyber-attack-coi-grills-singhealth-risk-man). The Straits Times. Retrieved
2 July 2021.
21. Baharudin, Hariz (26 September 2018). "COI on SingHealth cyber attack: IHiS staff took six
days to discover data had been stolen" (https://www.straitstimes.com/singapore/coi-on-singh
ealth-cyber-attack-cyber-security-staff-took-six-days-to-discover-data-had). The Straits
Times. Retrieved 2 July 2021.
22. Sim, Fann; Chia, Lianne (26 September 2018). "COI on SingHealth cyberattack: IHiS officer
hesitated before reporting suspected breach" (https://www.channelnewsasia.com/news/sing
apore/coi-on-singhealth-cyberattack-ihis-officer-hesitated-before-10761088). Channel
NewsAsia. Retrieved 2 July 2021.
23. Tham, Irene (27 September 2018). "Exploited server in SingHealth cyber attack did not get
security update for 14 months, COI finds" (https://www.straitstimes.com/singapore/hacked-si
nghealth-server-had-not-had-security-update-for-14-months-cyber-attack-coi-finds). The
Straits Times. Retrieved 2 July 2021.
24. Sim, Fann; Chia, Lianne (27 September 2018). "COI on SingHealth cyberattack: Exploited
server had not been updated for more than a year" (https://www.channelnewsasia.com/new
s/singapore/coi-on-singhealth-cyberattack-exploited-server-had-not-been-10764472).
Channel NewsAsia. Retrieved 3 July 2021.
25. Tham, Irene (28 September 2018). "COI examines alleged security 'loophole' discovered in
2014 in SingHealth system" (https://www.straitstimes.com/singapore/unaddressed-security-l
oophole-could-have-led-to-singhealth-data-breach-coi-hears). The Straits Times. Retrieved
3 July 2021.
26. Kwang, Kevin (28 September 2018). "SingHealth COI hearing: Former IHiS CEO dismissed
staff for ethical breach, didn't probe alleged vulnerability" (https://www.channelnewsasia.co
m/news/singapore/singhealth-coi-hearing-former-ihis-ceo-testimony-dismissed-staff-107698
16). Channel NewsAsia. Retrieved 3 July 2021.
27. Kwang, Kevin (28 September 2018). "SingHealth COI hearing: Employees questioned about
their inaction over alleged coding vulnerability" (https://www.channelnewsasia.com/news/sin
gapore/singhealth-coi-employees-questioned-inaction-coding-loophole-10769158). Channel
NewsAsia. Retrieved 3 July 2021.
28. Tham, Irene (5 October 2018). "SingHealth COI: Hackers tried to attack network again on
July 19 amid probe" (https://www.straitstimes.com/singapore/coi-on-singhealth-data-breach-
hackers-tried-to-attack-network-again-on-july-19-amid). The Straits Times. Retrieved 3 July
2021.
29. Sim, Fann; Mohan, Matthew (5 October 2018). " 'Customised, uniquely tailored' malware not
seen elsewhere used in SingHealth cyberattack" (https://www.channelnewsasia.com/news/s
ingapore/customised-uniquely-tailored-malware-singhealth-cyberattack-10794852). Channel
NewsAsia. Retrieved 3 July 2021.
30. Tham, Irene (31 October 2018). "SingHealth cyber attack COI: Senior manager reluctant to
report attack because he did not want to deal with pressure" (https://www.straitstimes.com/si
ngapore/coi-on-singhealth-cyber-attack-new-chat-evidence-shows-bottleneck-in-reporting).
The Straits Times. Retrieved 3 July 2021.
31. Tan, Tam Mei (1 November 2018). "SingHealth data came under attack before plans to
strengthen Internet protocols were put in place" (https://www.straitstimes.com/singapore/sin
ghealth-data-came-under-attack-before-plans-to-strengthen-internet-protocols-were-put).
The Straits Times. Retrieved 3 July 2021.
32. Kwang, Kevin (31 October 2018). "SingHealth COI: IHiS officer's reluctance to report
suspicious IT incidents shown up in court" (https://www.channelnewsasia.com/news/singapo
re/singhealth-coi-ihis-officer-s-reluctance-to-report-suspicious-it-10882890). Channel
NewsAsia. Retrieved 3 July 2021.
33. Tham, Irene (1 November 2018). "COI on SingHealth cyber attack: Weaknesses flagged in
2016 internal audit not remedied" (https://www.straitstimes.com/singapore/coi-on-singhealth-
cyber-attack-weaknesses-flagged-in-2016-internal-audit-not-remedied). The Straits Times.
Retrieved 3 July 2021.
34. Tham, Irene (2 November 2018). "COI on SingHealth cyber attack: Operational challenges
in fixing system weaknesses quickly" (https://www.straitstimes.com/singapore/health/coi-on-
singhealth-cyber-attack-operational-challenges-in-fixing-system-weaknesses). The Straits
Times. Retrieved 3 July 2021.
35. Tham, Irene (5 November 2018). "COI on cyber attack: More will be done to deepen cyber-
security awareness of SingHealth employees" (https://www.straitstimes.com/singapore/coi-o
n-cyber-attack-more-will-be-done-to-deepen-cyber-security-awareness-of-singhealth). The
Straits Times. Retrieved 3 July 2021.
36. Mohan, Matthew (5 November 2018). "SingHealth COI: Management concerned early
announcement of breach would affect investigations" (https://www.channelnewsasia.com/ne
ws/singapore/singhealth-coi-management-concerned-early-announcement-of-breach-10899
970). Channel NewsAsia. Retrieved 3 July 2021.
37. Baharudin, Hariz (9 November 2018). "Cyber-security exercises needed to better prepare
for cyber attacks: Expert at COI on SingHealth cyber attack" (https://www.straitstimes.com/si
ngapore/cyber-security-exercises-needed-to-better-prepare-for-cyber-attacks-expert-at-coi-h
earing). The Straits Times. Retrieved 3 July 2021.
38. Baharudin, Hariz (12 November 2018). "COI on SingHealth cyber attack: US expert calls for
collective defence against threats" (https://www.straitstimes.com/singapore/coi-on-singhealt
h-cyber-attack-american-expert-calls-for-collective-defence-against-cyber). The Straits
Times. Retrieved 3 July 2021.
39. Baharudin, Hariz (12 November 2018). "Longer wait times, declined productivity, higher
cyber risks due to Internet separation: MOH chief data adviser" (https://www.straitstimes.co
m/singapore/longer-wait-times-declined-productivity-higher-cyber-risks-due-to-internet-separ
ation-moh). The Straits Times. Retrieved 3 July 2021.
40. Baharudin, Hariz (13 November 2018). "SingHealth COI: Communication problems
hampered data breach response, says expert witness" (https://www.straitstimes.com/singap
ore/communication-problems-hampered-singhealth-data-breach-response-coi-hears). The
Straits Times. Retrieved 3 July 2021.
41. Baharudin, Hariz (14 November 2018). "COI on SingHealth cyber attack: Change the way
security incidents are reported, says CSA chief" (https://www.straitstimes.com/singapore/coi-
on-singhealth-cyber-attack-change-the-way-security-incidents-are-reported-says-csa). The
Straits Times. Retrieved 3 July 2021.
42. Sim, Fann (14 November 2018). "SingHealth COI: IHiS' systems were built for business
efficiency instead of security, says CSA chief" (https://www.channelnewsasia.com/news/sing
apore/singhealth-cyberattack-coi-ihis-systems-csa-chief-10929274). Channel NewsAsia.
Retrieved 3 July 2021.
43. "Conclusion of Scheduled Hearings for COI into SingHealth Cyber Attack" (https://www.mci.
gov.sg/pressroom/news-and-stories/pressroom/2018/11/conclusion-of-scheduled-hearings-f
or-coi-into-singhealth-cyber-attack). MCI. 14 November 2018. Retrieved 17 February 2020.
44. Baharudin, Hariz (30 November 2018). "Organisations must prepare for cyber breaches, as
if already under attack: SingHealth COI chair" (https://www.straitstimes.com/singapore/orga
nisations-must-prepare-for-cyber-breaches-as-if-already-under-attack-singhealth-coi). The
Straits Times. Retrieved 3 July 2021.
45. Kwang, Kevin (30 November 2018). "Improve staff awareness of cybersecurity, better
incident response proposed as SingHealth COI ends" (https://www.channelnewsasia.com/n
ews/singapore/singhealth-coi-ends-cybersecurity-recommendations-10985254). Channel
NewsAsia. Retrieved 3 July 2021.
46. Tham, Irene (31 December 2018). "Top-secret report on SingHealth attack submitted to
Minister-in-charge of Cyber Security" (https://www.straitstimes.com/singapore/top-secret-rep
ort-on-singhealth-attack-submitted-to-minister-in-charge-of-cyber-security). The Straits
Times. Retrieved 17 February 2020.
47. "Public Report of the Committee of Inquiry (COI) into the cyber attack on Singapore Health
Services Private Limited Patient Database" (https://www.mci.gov.sg/pressroom/news-and-st
ories/pressroom/2019/1/public-report-of-the-coi). MCI. 10 January 2019. Retrieved 22 April
2021.
48. Tham, Irene; Baharudin, Hariz (10 January 2019). "COI on SingHealth cyber attack: 5 key
findings" (https://www.straitstimes.com/tech/5-key-findings). The Straits Times. Retrieved
3 September 2019.
49. Baharudin, Hariz (10 January 2019). "COI on SingHealth cyber attack: 16
recommendations" (https://www.straitstimes.com/singapore/16-recommendations). The
Straits Times. Retrieved 3 September 2019.
50. "SingHealth cyberattack: Govt to fully adopt COI recommendations, S Iswaran says" (https://
web.archive.org/web/20201002073404/https://www.channelnewsasia.com/news/singapore/s
inghealth-cyberattack-ministerial-statement-coi-recommendations-11125014). Channel
NewsAsia. 15 January 2019. Archived from the original (https://www.channelnewsasia.com/
news/singapore/singhealth-cyberattack-ministerial-statement-coi-recommendations-111250
14) on 2 October 2020. Retrieved 3 September 2019.
51. Abu Baker, Jalelah (15 January 2019). "SingHealth cyberattack: IHiS, public healthcare
system to see enhanced governance, changes to organisational structure" (https://web.archi
ve.org/web/20201002054552/https://www.channelnewsasia.com/news/singapore/singhealth
-cyberattack-data-breach-ihis-changes-governance-11125044). Channel NewsAsia.
Archived from the original (https://www.channelnewsasia.com/news/singapore/singhealth-cy
berattack-data-breach-ihis-changes-governance-11125044) on 2 October 2020. Retrieved
3 September 2019.
52. "SingHealth cyberattack: Internet surfing delinked at all public healthcare clusters" (https://w
ww.channelnewsasia.com/news/singapore/singhealth-cyberattack-internet-surfing-delinked-
all-public-10555094). Channel NewsAsia. Archived (https://web.archive.org/web/201808170
23401/https://www.channelnewsasia.com/news/singapore/singhealth-cyberattack-internet-s
urfing-delinked-all-public-10555094) from the original on 17 August 2018. Retrieved
16 August 2018.
53. Tham, Irene (3 August 2018). "SingHealth cyber attack: Pause on Smart Nation projects
lifted; 11 critical sectors told to review untrusted external connections" (https://www.straitstim
es.com/singapore/singhealth-cyber-attack-pause-on-smart-nation-projects-lifted-11-critical-s
ectors-told-to). The Straits Times. Archived (https://web.archive.org/web/20180817023348/h
ttps://www.straitstimes.com/singapore/singhealth-cyber-attack-pause-on-smart-nation-projec
ts-lifted-11-critical-sectors-told-to) from the original on 17 August 2018. Retrieved 16 August
2018.
54. Wong, Pei Ting (23 July 2018). "Doctors raise concerns again over national e-records
system after data breach at SingHealth" (https://www.todayonline.com/singapore/doctors-rai
se-concerns-again-over-national-e-records-system-after-data-breach-singhealth).
TODAYonline. Archived (https://web.archive.org/web/20180817023232/https://www.todayonl
ine.com/singapore/doctors-raise-concerns-again-over-national-e-records-system-after-data-
breach-singhealth) from the original on 17 August 2018. Retrieved 16 August 2018.
55. Choo, Cynthia (6 August 2018). "National e-records system to undergo 'rigorous' security
review before proceeding with mandatory contribution" (https://www.todayonline.com/singap
ore/national-electronic-health-record-system-undergo-rigourous-security-review-proceedin
g). Today. Retrieved 3 September 2019.
56. "MAS directs financial institutions to tighten customer verification process" (https://www.mas.
gov.sg/news/media-releases/2018/mas-directs-financial-institutions-to-tighten-customer-verif
ication-process). MAS. 24 July 2018. Retrieved 3 July 2021.
57. Hong, Jose (24 July 2018). "MAS tells financial institutions to tighten customer verification
processes" (https://www.straitstimes.com/singapore/mas-tells-financial-institutions-to-tighten
-customer-verification-processes). The Straits Times. Retrieved 3 July 2021.
58. "SingHealth cyberattack: MAS orders financial institutions to tighten customer verification" (h
ttps://www.channelnewsasia.com/news/singapore/singhealth-cyberattack-mas-financial-insti
tutions-verification-10558690). Channel NewsAsia. 24 July 2018. Retrieved 3 July 2021.
59. Tham, Irene (1 November 2018). "New measures to strengthen public healthcare systems
following SingHealth data breach" (https://www.straitstimes.com/singapore/slew-of-new-mea
sures-to-strengthen-public-healthcare-systems-unveiled-following-singhealth). The Straits
Times. Retrieved 17 February 2020.
60. Yusof, Amir (1 November 2018). "SingHealth cyberattack: IHiS announces measures to
protect healthcare sector against online threats" (https://www.channelnewsasia.com/news/si
ngapore/singhealth-cyberattack-ihis-measures-prevent-online-threats-10887424). Channel
NewsAsia. Retrieved 3 July 2021.
61. Mohan, Matthew; Sim, Fann (14 January 2019). "SingHealth cyberattack: IHiS sacks 2
employees, imposes financial penalty on CEO" (https://web.archive.org/web/202011072341
44/https://www.channelnewsasia.com/news/singapore/singhealth-cyberattack-ihis-fires-empl
oyees-ceo-fined-11120838). Channel NewsAsia. Archived from the original (https://www.cha
nnelnewsasia.com/news/singapore/singhealth-cyberattack-ihis-fires-employees-ceo-fined-1
1120838) on 7 November 2020. Retrieved 3 September 2019.
62. Tham, Irene (14 January 2019). "IHiS sacks 2 employees, slaps financial penalty on CEO
over lapses in SingHealth cyber attack" (https://www.straitstimes.com/singapore/probe-repor
t-on-singhealth-data-breach-points-to-basic-failings). The Straits Times. Retrieved 3 July
2021.
63. Mohan, Matthew (15 January 2019). "PDPC fines IHiS, SingHealth combined S$1 million for
data breach following cyberattack" (https://web.archive.org/web/20201111193129/https://ww
w.channelnewsasia.com/news/singapore/ihis-singhealth-fined-1-million-data-breach-cyberat
tack-11124156). Channel NewsAsia. Archived from the original (https://www.channelnewsas
ia.com/news/singapore/ihis-singhealth-fined-1-million-data-breach-cyberattack-11124156)
on 11 November 2020. Retrieved 3 September 2019.
64. Baharudin, Hariz (6 March 2019). "SingHealth database hackers have targeted other
systems here since at least 2017: Symantec" (https://www.straitstimes.com/singapore/singh
ealth-database-hackers-have-targeted-other-systems-here-since-at-least-2017-symantec).
The Straits Times. Retrieved 2 July 2021.
65. Kwang, Kevin (6 March 2019). "Cyber espionage group Whitefly behind SingHealth hack:
Symantec" (https://www.channelnewsasia.com/news/singapore/singhealth-hack-whitefly-cyb
er-espionage-group-symantec-11317330). Channel NewsAsia. Retrieved 2 July 2021.

Retrieved from "https://en.wikipedia.org/w/index.php?title=2018_SingHealth_data_breach&oldid=1199231210"