Home News Featured News S$750,000 fine imposed on IHiS, S$250,000 fine on SingHealth, due to country's...

S$750,000 fine imposed on IHiS, S$250,000 fine on SingHealth, due to country’s worst security breach




- Advertisement -

As penalties for lapses that led to the most severe data breach in Singapore’s history, the Personal Data Protection Commission (PDPC) has imposed high fines on SingHealth and the Integrated Health Information Systems (IHiS). The data breach occurred between June and July 2018, with even the personal data of Singapore’s Prime Minister Lee Hsien Loong compromised.

The fines of S$750,000 to IHiS and S$250,000 to SingHealth are the largest fines that the privacy watchdog has ever imposed.

IHiS is the technology vendor for Singapore’s healthcare sector. The PDPC felt that while the majority of the fault lay with IHiS, SingHealth still needed to take some responsibility for the data breach, in part because of the following reasons.

The staff of SingHealth did not know what to do in responding to the breach. They were also too dependent on IHiS to handle all the security issues. Finally, they also did not grasp, nor did they make the effort to fully understand, the information concerning the breach that was given to them by the IHiS, after the breach had occurred.

- Advertisement -

The PDPC said in a statement on January 15, “Even if organizations delegate work to vendors, organizations as data controllers must ultimately take responsibility for the personal data that they have collected from their customers.”

The security breach gave hackers access to the personal information of 1,500,000 patients in all. Information concerning the medicine prescribed to 160,000 outpatients was also accessed. Much of this information was stolen and copied.

The IHis received a $750,000 fine, due to a report that was published last week, saying that sufficient security measures had not been installed to protect the data from SingHealth under its purview.

SingHealth itself, as the owner of the database system, was given a $250,000 fine.

The PDPC took SingHealth and IHiS’s full cooperation with the investigation into consideration, plus the fact that immediate actions were taken once the extent of the breach was determined.

On July 4, 2018, when the breach was found out, the Integrated Health Information Systems worked with the Cyber Security Agency of Singapore to stop any further hacking of patient information.

On Monday, January 14, IHiS announced the demotion of one employee as well as the firing of two others, in the wake of the report from the Committee of Inquiry, wherein middle-management lapses were detailed.

Other employees were also given financial penalties by the company, the most prominent being Bruce Liang, IHiS’ CEO, due to command responsibility.

Questions concerning the SingHealth data breach have been brought up by Members of Parliament, and these are expected to be discussed in the House on January 15.

SingHealth group CEO Professor Ivy Ng accepted a fine and issued an apology to the patients whose data had been stolen.

“We are making changes to enhance our cyber-security governance structures and improve management oversight of our critical systems.

We are also working with IHiS to comprehensively upgrade our cyber defense systems and processes to more effectively guard against cybersecurity risks, as well as to respond in a timely and robust manner to any intrusion.

We are fully committed to learning and improving from this incident. We will embed cybersecurity consciousness into our daily operations and ensure that stringent measures are in place to safeguard our patients’ data.”

The chairman of SingHealth, Peter Seah, said that the senior leadership team, including the CEO, has also volunteered to accept a financial penalty.

Read related: “Blanket of middle-management mistakes” lead to massive SingHealth data breach—report






Send in your scoop to news@theindependent.sg 

- Advertisement -

Almost 8 out of 10 vote PN can’t survive GE 15 without UMNO

Almost eight out of 10 respondents on a Twitter survey voted that Bersatu will not survive GE-15 without UMNO, according to BFM radio survey held this morning (22/2/2021) during its Morning Run programme. Of the 206 voters (respondents) in the final countdown,...

Foodpanda rider called “Blur Sotong” by netizen

Singapore — A Foodpanda rider shared his unfortunate experience with a customer. He took to Facebook on Saturday morning (Feb 20), sharing screenshots of the conversation. Posted by Chan Okada SJ on Friday, 19 February 2021 The rider shared that the customer had asked...

Journalist claims Karen Mok is the only woman Stephen Chow has ever thought of marrying

Hong Kong -- Last year, comedian Stephen Chow's public and ugly legal battle with his former girlfriend over their finances gave a rare peek into the personal life of the fiercely private 58-year-old. It was reported that out of all the women...

Send in your scoop to news@theindependent.sg