Iswaran: Identity of SingHealth hackers known, but will remain undisclosed for national security reasons

Photo: YouTube screengrab

S Iswaran, Singapore’s Minister for Communications and Information, said in Parliament on Tuesday, January 15, that the Government now knows the hacker’s identity in the Singhealth cyber attack. However, this will remain undisclosed in the interest of national security.

However, he did talk about the Advanced Persistent Threat (APT) group, since the hacker showed characteristics of this particular entity, based on the report by the Committee of Inquiry (COI) that investigated the cyber attack on SingHealth. The COI made their report public on January 10.

The SingHealth cyberattack occurred between June and July of 2018. The personal data of more than one million Singaporeans, including that of Prime Minister Lee Hsien Loong himself, was accessed, stolen and copied, and is the largest security breach the country has ever experienced.

It resulted in a S$250,000 fine imposed by the Personal Data Protection Commission (PDPC) on SingHealth. A S$750,000 fine was also imposed on the Integrated Health Information Systems (IHiS), the technology vendor for the country’s health sector. These are the biggest fines that national watchdog PDPC has ever given out.

Iswaran says that APT is “a class of cyber-attackers, typically state-linked, who conduct extended cyber campaigns to steal information or disrupt operations.”

In turn, the COI report states that “…the attacker was well-resourced, and had used advanced techniques and tools to target the SingHealth patient database and illegally exfiltrate patient data. The attacker was persistent, evaded detection for a long time, and even re-entered the network after being detected.”

Iswaran assured Parliament that last year’s cybersecurity attack on will not stop Smart Nation initiatives designed to strengthen economic competitiveness and bring better public services to the country.

He also said that the Government has accepted all the recommendations in the investigation of the COI into the SingHealth security breach, and will be following them in order to prevent similar attacks from recurring.

Here is the link for S Iswaran’s full ministerial statement.

Read related: S$750,000 fine imposed on IHiS, S$250,000 fine on SingHealth, due to country’s worst security breach

S$750,000 fine imposed on IHiS, S$250,000 fine on SingHealth, due to country’s worst security breach

 

 

 

SHARE