Investigation Team Submitted Their First Report In SingHealth Data Breach Revealing Many Loopholes In The Security Systems

Posted By Parveen

Personal data of 1.5 million patients was stolen from SingHealth servers in July 2018 in the biggest breach in Singapore’s history. Since then the investigation was going on high priority in this case. The security breach also compromised outpatient medical data of 160,000 patients who visited the healthcare facilities.

The six-day public hearing has started today which is led by Committee Of Inquiry (COI) and the investigation team submitted their first report saying the breach happened because the systems were not updated, the tardiness of people to raise alarm and use of the easy password.

Cyber Attack on Singapore Health Services Private Limited (SingHealth)’s patient database system

The hackers used an end user workstation to get into the system. The version of Microsoft Outlook they were using on the workstation was not updated with patches which could have stopped hackers from accessing the database. The hacking tool they used was publicly available so there was a huge possibility that the updated Outlook could have stopped the tool from working.

In addition to it, a local administrator used “[email protected]” as password which is pretty much easy to decipher. The hackers were into the system as early as August 2017 and were infecting the system with malware to finally make the breach in July 2018.

Hackers also made a number of failed attempts to access the database running Allscript Healthcare Solutions’ Sunrise Clinical Manager (SCM) which was managed by local IT agency, Integrated Health Information System (IHIS). But the network didn’t have rules in place to monitor such attempts and control them.

Another revelation was made that one of the network connections between the local Citrix server at the hospital and Healthcare cloud platform was left open which allowed access to hackers to exploit the vulnerability in the SCM database.

Next hearing will be held on Monday, 24 Sep 2018.

Full schedule of Public Hearing Convened by COI into the Cyber Attack on SingHealth