By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
TechgoonduTechgoondu
  • Audio-visual
  • Enterprise
    • Software
    • Cybersecurity
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
    • Cellphones
    • Tablets
  • PC
  • Telecom
Search
© 2023 Goondu Media Pte Ltd. All Rights Reserved.
Reading: Response to SingHealth data breach shows low awareness, rushed decisions
Share
Aa
TechgoonduTechgoondu
Aa
  • Audio-visual
  • Enterprise
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
  • PC
  • Telecom
Search
  • Audio-visual
  • Enterprise
    • Software
    • Cybersecurity
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
    • Cellphones
    • Tablets
  • PC
  • Telecom
Follow US
© 2023 Goondu Media Pte Ltd. All Rights Reserved.
Techgoondu > Blog > Internet > Response to SingHealth data breach shows low awareness, rushed decisions
Internet

Response to SingHealth data breach shows low awareness, rushed decisions

Alfred Siew
Last updated: July 30, 2018 at 6:40 PM
Alfred Siew Published July 27, 2018
8 Min Read
SHARE
SCREENSHOT: SingHealth website

One of the most telling responses to last week’s revelation of the SingHealth data breach comes from a woman simply named Wendy in a news report.

“It seems like the hackers were targeting more prominent figures and not me, so I am less concerned now,” she tells The Straits Times.

You can hardly find a better quote if you want to show how little Singaporeans understand about the worst data breach to hit the country.

For several years now, the authorities have clamped down on companies collecting and exposing NRIC numbers. Here, exposed in an instant, are 1.5 million of them, belonging to a quarter of the population.

Yet, many people seem unperturbed that they are now open to widespread fraud. Their information can be used by a criminal to, say, call up a credit card company and steal more information. Or it can be used for insurance fraud.

Just because these incidents do not happen overnight – the data will eventually make its way to the seedier corners of the Internet to be sold to criminals – doesn’t mean people should be relaxed about having their personal data stolen.

While credit card information might seem more important, don’t forget that personal data like your IC number is permanent. This means a hacker has a record that he can use years later. The same with your address, which doesn’t change all that much.

If parts of the population do not grasp the seriousness of the issue, surely the authorities have to come out to educate them. Unfortunately, they themselves are struggling to come to grips with some realities.

Days after the attack was revealed, Deputy Prime Minister Teo Chee Hean said there should have been Internet surfing separation. In other words, computers connected to the Internet should not be linked to the SingHealth system.

Sure, that may have prevented this attack, which was said to have come through an Internet-connected machine, but would other types of attacks be kept out?

Clearly, no. There is no preventing a cyber attack over time because all it takes is one loophole or an angry employee to expose the most guarded secrets. Just ask the National Security Agency in the United States.

How we prevent an attack is important, but just as crucial is the way we respond to it, because there will be hackers who eventually get through.

There’s something to be learnt from the deadly terrorist attacks in London in 2017. After the dust settled, the British came out to go about life as normally as they could, wary but defiant.

Fortunately, Singapore has only faced a cyber attack. Yet, the response has to be to carry on with the important everyday business instead of closing doors or making things difficult.

By de-linking doctors’ and other healthcare workers’ machines from the Internet, the authorities are making it hard for them to do their work.

Internet segregation may seem like a good idea but put it into practice and you realise how much you cut off the data and information that flows through networks to enable our everyday lives.

This goes against the idea of a smart nation. The government itself is moving away from silos of information stuck at individual agencies so they can share citizen data and deliver better services.

Even the private sector is plugged in. Banks today can verify your income digitally with the government when you apply for a loan.

Internet segregation should be applied to the most sensitive systems, say, those containing military secrets. But a healthcare system that thrives on data for efficiency and efficacy?

More thought needs to be put into this. The productivity losses are not insignificant. The patient care that is affected has to be part of the equation.

Revealing the SingHealth data breach last week, government leaders talked about the need to carry on with Singapore’s smart nation projects. They should let doctors easily have the information needed to provide care by seeking a better solution, not simply the easiest one.

They should also consider remedies for those who are affected. As a senior IT architect, Lai Zit Seng, pointed out in a blog, similar data breaches in the United States have resulted in health insurance companies paying out millions of dollars to help patients monitor their credit.

If there is something to be optimistic about the events this past week, it is that some practices that had been put in place previously have worked.

The fact that the hackers made away with the personal data and prescription information but not data like doctors’ notes could mean they were either detected early or the data was stored separately.

An investigation is ongoing, but it is safe to say that you can expect more to have been exposed if SingHealth was less prepared.

Experience certainly helps. Earlier this week, the Monetary Authority of Singapore (MAS) told financial institutions to tighten up the way they verify customers, in light of the stolen data.

The industry learnt its lessons from the early days of Internet banking in the mid-2000s. Before banks started handing out two-factor authentication (2FA) tokens to people, hackers breaking into people’s accounts and transferring money out were a common threat.

Fortunately, the industry didn’t dump online banking and force people to go to ATM machines. Neither did it cut off technology in a bid to tighten up its security.

Quite the opposite, actually. Banks today are big users of cloud computing and are even dabbling with cutting-edge stuff like blockchain.

That should be the approach for other sectors as well. By beefing up systems – not disconnecting them – and by educating end users of the importance of data protection, they can still deliver useful digital services.

The current response to the SingHealth data breach seems to be: “Don’t panic, we have things under control.” That’s not quite right.

Don’t panic, sure, but you can’t have things under control. Better to let citizens know that a smart nation involves shared risks and responsibilities.

This means looking out for suspicious activities, turning on 2FA for their e-mail accounts and just being generally aware of fake messages tempting them to click on malicious links.

There’s no other way. Being prepared is part of being connected.

 

You Might Also Like

Five ways the Roborock S8 robot vacuum will change the way you clean your home

After another DBS outage, is it time to make banks publicly report service uptime?

As TikTok faces a possible ban in the US, should users elsewhere be worried?

Foodpanda to use Gogoro electric scooters in battery swapping trial with Cycle & Carriage

Debate on computational photography misses what’s real, what’s lived outside a frame

TAGGED: cyber security, data breach, data protection, hacking, SingHealth, think

Sign up for the TG newsletter

Never miss anything again. Get the latest news and analysis in your inbox.

By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Alfred Siew July 27, 2018
Share this Article
Facebook Twitter Whatsapp Whatsapp LinkedIn Copy Link Print
Share
Avatar photo
By Alfred Siew
Follow:
Alfred is a writer, speaker and media instructor who has covered the telecom, media and technology scene for more than 20 years. Previously the technology correspondent for The Straits Times, he now edits the Techgoondu.com blog and runs his own technology and media consultancy.
Previous Article Goondu review: LG C8 impresses as an “entry-level” OLED TV
Next Article Huawei zooms in on mid-range smartphone segment in Southeast Asia
Leave a comment

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Stay Connected

Facebook Like
Twitter Follow

Latest News

Five ways the Roborock S8 robot vacuum will change the way you clean your home
Internet March 31, 2023
After another DBS outage, is it time to make banks publicly report service uptime?
Enterprise Internet March 30, 2023
Xiaomi 13 Pro review: A photography powerhouse with 1-inch image sensor
Cellphones Mobile March 29, 2023
IT leaders must manage the tension point between application development and security by embracing a DevSecOps approach
Cybersecurity Enterprise Software March 29, 2023
//

Techgoondu.com is published by Goondu Media Pte Ltd, a company registered and based in Singapore.

.

Started in June 2008 by technology journalists and ex-journalists in Singapore who share a common love for all things geeky and digital, the site now includes segments on personal computing, enterprise IT and Internet culture.

banner banner
Everyday DIY
PC needs fixing? Get your hands on with the latest tech tips
READ ON
banner banner
Leaders Q&A
What tomorrow looks like to those at the leading edge today
FIND OUT
banner banner
Advertise with us
Discover unique access and impact with TG custom content
SHOW ME

 

 

POWERED BY READYSPACE
The Techgoondu website is powered by and managed by Readyspace Web Hosting.

TechgoonduTechgoondu
Follow US

© 2023 Goondu Media Pte Ltd. All Rights Reserved | Privacy | Terms of Use | Advertise | About Us | Contact

Join Us!

Never miss anything again. Get the latest news and analysis in your inbox.

Zero spam, Unsubscribe at any time.
 

Loading Comments...
 

    Welcome Back!

    Sign in to your account

    Lost your password?