This, despite the fact that the breach that affected 1.5 million patients was only announced yesterday – 16 days after unusual activity was first detected on Singhealth IT databases on 4 July; 10 days after the Ministry of Health was given confirmation that the unusual activity was due to a cyber attack on 10 July; and 8 days after the authorities made a police report.
In making the point that the Singapore government has been praised for how it has handled the breach so far, the Business Times cited two sources.
The first, PwC partner Tan Shong Ye, noted that the government “responded swiftly” to the incident and said that it is “good that action was taken immediately after the threat was detected to minimise the risk of further data exfiltration.”
The second source, cybersecurity company FireEye’s Asia Pacific branch president Eric Hoh, said that he hopes more governments would follow Singapore’s lead in disclosing breaches.
Considering the scale of the breach, the time it took the authorities to disclose the breach and the fact that the two sources simply noted that the Government’s response is “good,” Singaporeans responding to the Business Times’ article were puzzled over why the publication angled the story as such: