Hello Steemians! It has been a while since I last posted something not related to the Steem-Oracle project. As I was planning to write about a game which I was recently hooked on, an alarming news was released yesterday. SingHealth, Singapore's public healthcare group, was hacked and 1.5 million SingHealth's patients have their personal data being accessed by the hackers.
Based on investigations, the attack started from a front-end workstation which was naturally connected to the larger SingHealth network. Through the front-end workstation, the hackers were able to gradually escalate their system privileges and finally access data from the back-end database. To me this is a very sophisticated and persistent attack. Based on reports, the hackers were deliberately targeting Prime Minister Lee Hsien Loong's medical record. Hence, it is likely by a nation state. Below are some quick facts on the attack provided by Channel News Asia.
My views
As a cybersecurity professional, I asked myself what will I do to rectify this situation. When an incident occurs and is confirmed to be a breach, the first thing to do is to contain the damage. Which Integrated Health Information System (iHiS) did immediately when they detected something was amiss. As soon as they found that there were unusual activities at the database, they stopped the database and took additional security measures. What they likely did was to change all related accounts' passwords and apply more monitoring for odd activities.
Concurrently, while containment is ongoing, logs and evidence have to be preserved for root cause analysis later. Once it is sure that the hackers are unable to deal further damage, the next step would be to analyze and find the root cause. I think iHiS had at least completed some part of the analysis and that is why they can pinpoint that the attack originated from a front-end kiosk. After all these are done, further controls have to be slapped in to prevent future attacks, at least for those from the same attack vector.
If you look a little closer at the reported timeline of events, it was not made known as to when the front-end kiosk was breached. Based on FireEye's (a well-known cybersecurity company) M-Trend report, the median dwell time (the duration a threat actor has undetected access in a network until it’s completely removed) for APAC region is a whopping 496 days in 2017. Applying the statistic to the SingHealth context, the front-end kiosk could have been breached more than a year ago 😯. But of course, this is just my speculations.
Next, let's take a look at the known reported events. The hackers started to exfiltrate data on 27 Jun. In about a week later, 4 Jul, someone noticed something fishy and triggered the incident response procedures. It took them about another week, 4 Jul to 10 Jul, to confirm that they have been breached and reported this to authorities. Based on the survey by SANS institute, about 50% of survey respondents were able to detect and contain an attack under 24 hours. This makes the response time of SingHealth seemed rather mediocre. Then again, the survey could have been plagued by self-reporting bias.
Should we panic?
If you are Singaporean and have visited the above listed medical institutions from 1 May 2015 onwards, then your data might have been exposed. You can head over to this site to check. It will require you to login with your SingPass. I have checked and my data was not exposed 😊. Even if your data has been exposed, those data cannot result in direct financial losses. But, it may allow the hackers to attempt to impersonate you and perform some social engineering attacks on people you know. There might be some opportunistic hackers who will also make use of this news to create fear and hoping to benefit from it somehow. In fact, there are fake SMS messages being circulated already to create such fear sentiments. In a nutshell, there is no need to panic, but there is certainly a need to stay a little vigilant moving forward. Do not just trust any info that are fed to you. Verify the origin and cross check with official sources before you believe in any kind of news circulated through social media or instant messaging.
Thanks for reading! I hope this is useful for all Singaporeans. For the other Steemians, do share your experience if your data has been exposed in any cyberattack. Let me know your thoughts.
It is a dangerous world out there - even in cyber space. Nothing is safe.
I think I am not affected. Thanks for the site to check, but I don't think I will bother, because even if I was affected, what can I do? I will wait for the authorities to notify me.
The cyberspace is in my opinion more dangerous. Haha..
Posted using Partiko Android
true. :-)
I had just received an SMS from Singhealth that my data had been exposed but thankfully no financial losses happened. This calls for the government to strengthen the security of our healthcare digital sector. Upvoted!
Got the SMS that day saying I wasn't affected. Lucky.
Got the SMS
That day saying I wasn't
Affected. Lucky.
- aldentan
I'm a bot. I detect haiku.
one should remain carefil
Congratulations,
you just received a 21.34% upvote from @steemhq - Community Bot!
Wanna join and receive free upvotes yourself?
Vote for
steemhq.witness
on Steemit or directly on SteemConnect and join the Community Witness.This service was brought to you by SteemHQ.com