Singapore: cyber attack on health information systems

(By Alessandro Rugolo)
23/07/18

Singapore, a city-state at the center of the economic and financial world, sits at the top of the ranking published by the World Economic Forum in its Global Information Technology Report 2016, ahead of nations such as Finland, Sweden, Norway, United States, Netherlands, Switzerland, United Kingdom, Luxembourg and Japan. For comparison, in 2016 the United States was in fifth place, while Italy was forty-fifth, preceded by Costa Rica and followed by Macedonia ...

With a population of just over 5 million, Singapore is at the forefront of many world rankings. It can certainly boast one of the highest Human Development Indexes (HDI) and one of the highest GDP per capita. Yet, perhaps for these very reasons, Singapore is also at the top of another ranking: that of the country from which the largest number of cyber attacks in the world originate, at least according to the Israeli company Check Point, which monitors the daily progress of attacks through its systems (more than 10 million attacks per day are recorded!).
Naturally, there is no mathematical certainty that an attack originates in a given State rather than merely passing through it, but in any case the evidence lets us see the other side of the coin of the Networked Readiness Index¹.

But let's see for a moment why there has been so much talk about Singapore these days.
Newspapers all over the world report that the personal and health data of 1.5 million people have been stolen from the health information system.
On July 4, the administrators of the information system became aware of suspicious activity in the database, immediately raised the alarm and tightened the security measures, effectively interrupting the attack.
The ensuing investigation established that it was indeed a cyber attack and not a malfunction (realizing this took 6 days), and only at this point were the Minister of Health and the Cyber Security Agency of Singapore informed.
The hackers were able to act undisturbed from 27 June until 4 July.
Only at this point did the necessary steps begin to inform patients of the data theft, an activity still underway.

Access to the health information system seems to have occurred through privilege escalation. This means the hackers may have been able to act with system administrator credentials, which suggests that the health information system is not the only one affected: in a society that makes extensive use of information and communication technologies, administrators must often access remote systems with which a certain level of interoperability is required for data exchange. Purely by way of example, it may be necessary to exchange data with a payment or reporting system for administrative purposes, or even with a banking system to charge fees.
While it is true that network and system administrators are generally alert and aware of the risks they run, to err is still human, so having access to the system for a week could have allowed the hackers to carry out intelligence activities on other, somehow related systems, activities that will take time to analyze.

How important can personal health data be? What can these hackers get from healthcare patients?

Let's try to analyze what opportunities for gain the hackers now hold:

  • the state of health of important patients could have a significant impact on political decisions or corporate investments;
  • knowledge of the personal data associated with the health care system (telephone number, address, maybe even credit card details or identity card numbers) can be used for social engineering activities aimed, for example, at identity theft, causing further economic damage;
  • knowledge of the systems interfaced to the health system, obtained through the attack, can be exploited for subsequent cyber attacks;
  • the greatest damage, however, could be the damage to Singapore's image. The top of the class in the NRI index certainly cannot afford incidents of this level!

It is easy to see that while on one hand the ICT world is a force multiplier, on the other it exposes those who use it to greater risks that must be managed appropriately and in good time.

At the moment it is not clear who could be behind the attack. According to cyber experts, the attack was conducted with a high level of sophistication, which would suggest a state organization capable of conducting APT (advanced persistent threat) operations; if that is the case, we should expect that it has not ended there.

We will see, in the coming months, what the consequences of this attack on the Singapore health information system will be.

Meanwhile, we can ask some questions:

  1. What would have happened in Italy in a similar case?
  2. How long would it take our experts to realize that they were under attack?
  3. Once they understood they were under attack, would the NIS directive have been respected, with particular reference to the risk-management obligation that entails reporting cyber incidents, or would other logics and other interests have prevailed?

Of course I am convinced that our experts would have done their best, but if it is true that we are in 45th position (according to the NRI index), would "doing our best" have been enough?

  

¹ The Networked Readiness Index measures the propensity of States to exploit the possibilities offered by the use of information and communication technologies (ICT). Singapore was also at the top of the list in 2015.
