SingHealth Scammers Try to Cash in on Major Breach

Singaporean healthcare giant (HCO) SingHealth is warning patients not to fall for follow-on vishing and smishing attempts after the country suffered its most serious breach to date last week.

The Ministry of Health explained in a statement on Friday that 1.5 million patients who visited outpatient clinics and polyclinics between May 2015 and July 2018 had non-medical data stolen. This included names, NRIC numbers, addresses, gender, race and dates of birth. Even the Prime Minister Lee Hsien Loong is said to have been affected.

Information on dispensed medicines for around 160,000 of these patients was also exfiltrated.

“CSA [Cyber Security Agency of Singapore] has ascertained that the cyber attackers accessed the SingHealth IT system through an initial breach on a particular front-end workstation. They subsequently managed to obtain privileged account credentials to gain privileged access to the database,” the government explained.

“Forensic investigations have confirmed that this was a deliberate, targeted and well-planned cyberattack. It was not the work of casual hackers or criminal gangs.”

SingHealth is in the process of contacting those affected by text, but has been forced to warn patients of attempts to hijack the process by scammers.

A Facebook update provided information on what an official SMS from the HCO looks like, to help individuals avoid being duped by phishing texts. A separate “phone scam alert” confirmed that SingHealth will not contact patients by phone unless they’ve been specifically asked to, and will not ask for personal and financial information.

Darktrace APAC managing director, Sanjay Aurora, argued that the authorities had done quite well to detect, investigate and report in under a month, following the July 4 discovery of suspicious activity.

“Like other kinds of personal data, medical information can be easily monetized via criminal forums. But beyond making a quick buck, a more sinister reason to attack would be to cause widespread disruption and systemic damage to the healthcare service — as a fundamental part of critical infrastructure — or to undermine trust in a nation’s competency to keep personal data safe,” he said.

“Networks in the healthcare sector are now ‘digital jungles’ and well-resourced attackers take the time and effort to conduct low and slow attacks to discover vulnerabilities, often silently exploiting them over long periods of time. Once their work is done, they are expert in covering their tracks, making attribution extremely difficult.”

What’s Hot on Infosecurity Magazine?