2018 SingHealth data breach

Apr 19, 2026 - 16:44

0 0

2018 SingHealth data breach

Updated the public report url in reference 47 to the new working one on MDDI's website

← Previous revision		Revision as of 11:12, 19 April 2026
Line 49:		Line 49:
	On the final day, Cyber Security Agency chief David Koh suggested changing the way IT staff in the healthcare sector report incidents so that faster response can be ensured during a cyberattack, along with a review of the sector's IT processes and staff training carried out. It was also suggested that cybersecurity processes be considered as a key instead of it merely existing as an afterthought. The hearings thus concluded on 14 November 2018.{{cite web \|last1=Baharudin \|first1=Hariz \|title=COI on SingHealth cyber attack: Change the way security incidents are reported, says CSA chief \|url=https://www.straitstimes.com/singapore/coi-on-singhealth-cyber-attack-change-the-way-security-incidents-are-reported-says-csa \|website=The Straits Times \|access-date=3 July 2021 \|date=14 November 2018}}{{cite web \|last1=Sim \|first1=Fann \|title=SingHealth COI: IHiS' systems were built for business efficiency instead of security, says CSA chief \|url=https://www.channelnewsasia.com/news/singapore/singhealth-cyberattack-coi-ihis-systems-csa-chief-10929274 \|website=Channel NewsAsia \|access-date=3 July 2021 \|date=14 November 2018}}{{cite web \|url=https://www.mci.gov.sg/pressroom/news-and-stories/pressroom/2018/11/conclusion-of-scheduled-hearings-for-coi-into-singhealth-cyber-attack \|title=Conclusion of Scheduled Hearings for COI into SingHealth Cyber Attack \|access-date=17 February 2020 \|website=MCI \|date=14 November 2018}}		On the final day, Cyber Security Agency chief David Koh suggested changing the way IT staff in the healthcare sector report incidents so that faster response can be ensured during a cyberattack, along with a review of the sector's IT processes and staff training carried out. It was also suggested that cybersecurity processes be considered as a key instead of it merely existing as an afterthought. The hearings thus concluded on 14 November 2018.{{cite web \|last1=Baharudin \|first1=Hariz \|title=COI on SingHealth cyber attack: Change the way security incidents are reported, says CSA chief \|url=https://www.straitstimes.com/singapore/coi-on-singhealth-cyber-attack-change-the-way-security-incidents-are-reported-says-csa \|website=The Straits Times \|access-date=3 July 2021 \|date=14 November 2018}}{{cite web \|last1=Sim \|first1=Fann \|title=SingHealth COI: IHiS' systems were built for business efficiency instead of security, says CSA chief \|url=https://www.channelnewsasia.com/news/singapore/singhealth-cyberattack-coi-ihis-systems-csa-chief-10929274 \|website=Channel NewsAsia \|access-date=3 July 2021 \|date=14 November 2018}}{{cite web \|url=https://www.mci.gov.sg/pressroom/news-and-stories/pressroom/2018/11/conclusion-of-scheduled-hearings-for-coi-into-singhealth-cyber-attack \|title=Conclusion of Scheduled Hearings for COI into SingHealth Cyber Attack \|access-date=17 February 2020 \|website=MCI \|date=14 November 2018}}

	The closing submissions were held on 30 November 2018. Proposals to improve cybersecurity were shared, including the "assume breach" mindset in organisations thus taking necessary measures, having the right people and processes to complement those measures. It was also pointed out that administrator passwords are supposed to be 15 characters long, but one had a problematic password of eight characters which was unchanged since 2012. Lastly, even if measures were put in place to slow down cyberattacks, it is important to note that the attack was done via an advanced persistent threat (APT).{{cite web \|last1=Baharudin \|first1=Hariz \|title=Organisations must prepare for cyber breaches, as if already under attack: SingHealth COI chair \|url=https://www.straitstimes.com/singapore/organisations-must-prepare-for-cyber-breaches-as-if-already-under-attack-singhealth-coi \|website=The Straits Times \|access-date=3 July 2021 \|date=30 November 2018}}{{cite web \|last1=Kwang \|first1=Kevin \|title=Improve staff awareness of cybersecurity, better incident response proposed as SingHealth COI ends \|url=https://www.channelnewsasia.com/news/singapore/singhealth-coi-ends-cybersecurity-recommendations-10985254 \|website=Channel NewsAsia \|access-date=3 July 2021 \|date=30 November 2018}} Subsequently, the report was submitted to S. Iswaran on 31 December 2018 with the public version released on 10 January 2019.{{cite web \|last1=Tham \|first1=Irene \|url=https://www.straitstimes.com/singapore/top-secret-report-on-singhealth-attack-submitted-to-minister-in-charge-of-cyber-security \|title=Top-secret report on SingHealth attack submitted to Minister-in-charge of Cyber Security \|access-date=17 February 2020 \|website=The Straits Times \|date=31 December 2018}}{{cite web \|title=Public Report of the Committee of Inquiry (COI) into the cyber attack on Singapore Health Services Private Limited Patient Database \|url=https://www.~~mci~~.gov.sg/~~pressroom/news-and-stories/pressroom/2019/1~~/public-report-of-the-coi \|website=~~MCI~~ \|access-date=22 April ~~2021~~ \|date=10 January 2019}}		The closing submissions were held on 30 November 2018. Proposals to improve cybersecurity were shared, including the "assume breach" mindset in organisations thus taking necessary measures, having the right people and processes to complement those measures. It was also pointed out that administrator passwords are supposed to be 15 characters long, but one had a problematic password of eight characters which was unchanged since 2012. Lastly, even if measures were put in place to slow down cyberattacks, it is important to note that the attack was done via an advanced persistent threat (APT).{{cite web \|last1=Baharudin \|first1=Hariz \|title=Organisations must prepare for cyber breaches, as if already under attack: SingHealth COI chair \|url=https://www.straitstimes.com/singapore/organisations-must-prepare-for-cyber-breaches-as-if-already-under-attack-singhealth-coi \|website=The Straits Times \|access-date=3 July 2021 \|date=30 November 2018}}{{cite web \|last1=Kwang \|first1=Kevin \|title=Improve staff awareness of cybersecurity, better incident response proposed as SingHealth COI ends \|url=https://www.channelnewsasia.com/news/singapore/singhealth-coi-ends-cybersecurity-recommendations-10985254 \|website=Channel NewsAsia \|access-date=3 July 2021 \|date=30 November 2018}} Subsequently, the report was submitted to S. Iswaran on 31 December 2018 with the public version released on 10 January 2019.{{cite web \|last1=Tham \|first1=Irene \|url=https://www.straitstimes.com/singapore/top-secret-report-on-singhealth-attack-submitted-to-minister-in-charge-of-cyber-security \|title=Top-secret report on SingHealth attack submitted to Minister-in-charge of Cyber Security \|access-date=17 February 2020 \|website=The Straits Times \|date=31 December 2018}}{{cite web \|title=Public Report of the Committee of Inquiry (COI) into the cyber attack on Singapore Health Services Private Limited Patient Database \|url=https://www.mddi.gov.sg/newsroom/public-report-of-the-coi/ \|website=MDDI \|access-date=19 April 2026 \|date=10 January 2019}}

	== Release of report ==		== Release of report ==

What's Your Reaction?

Like 0

Dislike 0

Love 0

Funny 0

Angry 0

Sad 0

Wow 0

Related Posts

User talk:Rezakaisar91

Apr 20, 2026 0 0

Vanuatu Council of Trade Unions

Apr 20, 2026 0 0

User:ShadowBallX/Articles

Apr 20, 2026 0 0

Variety Artistes' Federation

Apr 20, 2026 0 0

University of Chile Student Federation

Apr 20, 2026 0 0

Vancouver and District Waterfront Workers' Association

Apr 20, 2026 0 0

Comments