Home News Gov't "noble" to disclose Singhealth security breach, says security expert

Gov’t “noble” to disclose Singhealth security breach, says security expert

- Advertisement -

If you think the Singapore government was less than upfront in disclosing the Singhealth security breach, well some security experts may disagree with you.

“CSA and the Singapore Government have done a good job detecting (the cyberattack) in a timely manner and publicly disclosed the incident – which is a very noble thing to do,” Mr Eric Hoh told Channel NewsAsia (CNA)  He said that the tendency was for victims to “sweep the matter under the rug”.

Mr Hoh is the president of Fireye Asia Pacific, a network security company.

- Advertisement 1-

CNA also quoted other security specialists who agreed with Mr Hoh.

Sanjay Aurora, managing director of Darktrace Asia Pacific said “for SingHealth to have detected, investigated and reported the incident within a month is a “comparative success”.”

“How many other countries around the world are capable of even detecting this attack within a month, let alone be able to conduct a full investigation in this short time period?” he said.

Another person CNA spoke to was Jeff Hurmuses, managing director of Asia Pacific at US-based cybersecurity firm Malwarebytes. He said the authorities have acted “promptly” to plug the breach.

“They actually responded to the breach and disclosed it to potentially affected users very quickly,” he said.

The data theft occurred on 4 July, confirmed by the authorities on 10 July, and was only made public on 22 July. Contrary to what the above experts have said, members of the public have questioned why the government took more than 2 weeks to inform the public from the day of the breach itself.

- Advertisement 2-

Lawyer Rajesh Sreenivasan, for example, said it was “near impossible”, without details of the breach, to ascertain if the authorities’ response was timely.

Mr Rajesh is the head of Technology, Media and Telecommunications at law firm Rajah & Tann.

“The reality is that (the) breach notification could be done in stages,” he said, adding that “the cyberattacks could be part of a larger series of attacks, and notifying the public too early could compromise investigations.”

Singapore’s Cybersecurity Act requires any such information leaks to be reported to the cybersecurity commissioner. However, in this case, the administrators of Integrated Health Information System (IHIS) are not required to do so because the law is not yet in force.

Nonetheless, CNA reported:

- Advertisement 3-

“Mr Bryan Tan, partner at Pinsent Masons, who said the Cybersecurity Act is not yet implemented and the notification timeline has yet to be set out when the SingHealth hack took place. 

“He did point out that, on a general level, it is a “fair question” why the regulators and affected persons were not informed of the data breach quicker. He also questioned why the Personal Data Protection Commission (PDPC), which has been investigating data breaches here, does not appear to be involved in this particular case.”

The massive data leak involved the personal records of 1.5m patients, including that of Prime Minister Lee Hsien Loong and Emeritus Senior Minister Goh Chok Tong.

The chief of the Cyber Security Agency of Singapore (CSA), David Koh, said that the stolen data has “no strong commercial value“, when asked earlier if the public should be worried that their personal information was stolen.Follow us on Social Media

Send in your scoops to news@theindependent.sg 

- Advertisement -

Read More

Stories you might’ve missed, Jan 26

Man ‘chopes’ Ang Mo Kio parking lot ‘for a long time’ — Netizens point out there’s a big carpark nearby Photo: FB screengrab/ROADS.sg Singapore — After a man was caught on camera using himself as a way to reserve a parking...

Mum from Greece stranded with toddler at Changi Airport complains about the service & COVID travel experience

Singapore — Travelling with a toddler is challenging, but travelling with a toddler during a pandemic, you double the challenge! Throw in flight delays due...

Dee Kosh to plead guilty to multiple sexual offences, including attempts to exploit teenage boy

Singapore — YouTuber Dee Kosh, who faced accusations of sexual harassment from several young males in 2020, appeared to have his case heard in...

Ex-WP chief Low Thia Khiang joins Jamus Lim on Sengkang walk

Singapore —  Workers' Party legend Low Thia Khang was seen accompanying Workers’ Party MP Jamus Lim (Sengkang GRC) during a recent estate walk.  Prof Lim...

Netizen asks DBS to have locals man call centres, bank’s response to “rest arouse our officers are well-trained regardless” proves her point

Singapore -- In a case of public relations gone slightly awry, DBS Bank got itself into a spot with a netizen on Monday (Jan...

Stories you might’ve missed, Jan 26

Man ‘chopes’ Ang Mo Kio parking lot ‘for a long time’ — Netizens point out there’s a big carpark...

Mum from Greece stranded with toddler at Changi Airport complains about the service & COVID travel experience

Singapore — Travelling with a toddler is challenging, but travelling with a toddler during a pandemic, you double the...

Dee Kosh to plead guilty to multiple sexual offences, including attempts to exploit teenage boy

Singapore — YouTuber Dee Kosh, who faced accusations of sexual harassment from several young males in 2020, appeared to...

Ex-WP chief Low Thia Khiang joins Jamus Lim on Sengkang walk

Singapore —  Workers' Party legend Low Thia Khang was seen accompanying Workers’ Party MP Jamus Lim (Sengkang GRC) during...
Follow us on Social Media

Send in your scoops to news@theindependent.sg