Home News Gov't "noble" to disclose Singhealth security breach, says security expert

Gov’t “noble” to disclose Singhealth security breach, says security expert




- Advertisement -

If you think the Singapore government was less than upfront in disclosing the Singhealth security breach, well some security experts may disagree with you.

“CSA and the Singapore Government have done a good job detecting (the cyberattack) in a timely manner and publicly disclosed the incident – which is a very noble thing to do,” Mr Eric Hoh told Channel NewsAsia (CNA)  He said that the tendency was for victims to “sweep the matter under the rug”.

Mr Hoh is the president of Fireye Asia Pacific, a network security company.

- Advertisement -

CNA also quoted other security specialists who agreed with Mr Hoh.

Sanjay Aurora, managing director of Darktrace Asia Pacific said “for SingHealth to have detected, investigated and reported the incident within a month is a “comparative success”.”

“How many other countries around the world are capable of even detecting this attack within a month, let alone be able to conduct a full investigation in this short time period?” he said.

Another person CNA spoke to was Jeff Hurmuses, managing director of Asia Pacific at US-based cybersecurity firm Malwarebytes. He said the authorities have acted “promptly” to plug the breach.

“They actually responded to the breach and disclosed it to potentially affected users very quickly,” he said.

The data theft occurred on 4 July, confirmed by the authorities on 10 July, and was only made public on 22 July. Contrary to what the above experts have said, members of the public have questioned why the government took more than 2 weeks to inform the public from the day of the breach itself.

Lawyer Rajesh Sreenivasan, for example, said it was “near impossible”, without details of the breach, to ascertain if the authorities’ response was timely.

Mr Rajesh is the head of Technology, Media and Telecommunications at law firm Rajah & Tann.

“The reality is that (the) breach notification could be done in stages,” he said, adding that “the cyberattacks could be part of a larger series of attacks, and notifying the public too early could compromise investigations.”

Singapore’s Cybersecurity Act requires any such information leaks to be reported to the cybersecurity commissioner. However, in this case, the administrators of Integrated Health Information System (IHIS) are not required to do so because the law is not yet in force.

Nonetheless, CNA reported:

“Mr Bryan Tan, partner at Pinsent Masons, who said the Cybersecurity Act is not yet implemented and the notification timeline has yet to be set out when the SingHealth hack took place. 

“He did point out that, on a general level, it is a “fair question” why the regulators and affected persons were not informed of the data breach quicker. He also questioned why the Personal Data Protection Commission (PDPC), which has been investigating data breaches here, does not appear to be involved in this particular case.”

The massive data leak involved the personal records of 1.5m patients, including that of Prime Minister Lee Hsien Loong and Emeritus Senior Minister Goh Chok Tong.

The chief of the Cyber Security Agency of Singapore (CSA), David Koh, said that the stolen data has “no strong commercial value“, when asked earlier if the public should be worried that their personal information was stolen.Follow us on Social Media

Send in your scoops to news@theindependent.sg 

- Advertisement -

Yee Jenn Jong to Goh Chok Tong: Don’t blame social media for fewer people wanting to join politics

Singapore—Standing Tall, the second volume of former Prime Minister Goh Chok Tong’s biography, was launched only last Friday (May 7), but the Workers’ Party’s Mr Yee Jenn Jong is already questioning one of the statements Mr Goh makes in the book. The...

‘Go back, bloody Indians,’ says S’porean man to expat family at Pasir Ris Beach Park

Singapore – A man who repeated he was Singaporean and an NS (National Service) man was spotted accusing an expatriate family of four of spreading the Covid-19 virus in Singapore. A video of the altercation, reported to have occurred on May 2,...

Ho Ching explains to Calvin Cheng why S’pore is vaccinating slowly

Singapore – Information on why Singapore has not been able to vaccinate fast enough was highlighted by former Nominated Member of Parliament Calvin Cheng on social media. Mr Cheng took to Facebook on Sunday (May 9) to share screenshots of a Facebook...
Follow us on Social Media

Send in your scoops to news@theindependent.sg