SingHealth server did not receive security updates for fourteen months


SingHealth, the largest healthcare group of Singapore disclosed to the world on July 19th this year that it became a victim of a cyber attack where hackers succeeded in accessing personal data of more than 1.5 million people and medicine dispense details of about 160,000 people.

Furthermore, reports emerged that the hack also gave access to critical info related to the health of Lee Hsien Loong, the Prime Minister of Singapore.

Now, after two months of detailed inquiry, it has been revealed that the servers of the Singhealth haven’t received security updates for more than 14 months. The reason- the senior manager of the server Mr. Tan Aik Chin at the National Cancer Center Singapore(NCCS) did not do the update Since May 2017 for reasons best known to him and the related authorities.

Later as some senior level staff left the organization, NCCS handed over the task of managing the servers to Integrated Health Information Systems (IHiS) which took the server administration into its hands. But did not follow the standard security updated procedures which led to the data breach.

When Mr. Tan learned about the exploited server he found out that the server wasn’t updated since months and was infected with a virus sometime in July this year. The digital intrusion is said to have occurred on June 27th,2018 not on May 8th of this year, as reported by a certain section of media,) before being discovered on July 4th,2018.

All these details were testified before an Inquiry committee on Thursday on September 27th,2018.

The Cyber Security Agency of Singapore says that the cyber incident could have been avoided if the management followed simple security practices such as keeping the windows server operating system updated with the latest security updates.

The inquiry is said to progress for few more weeks as the testifying committee has learned the fact that there was a misunderstanding between NCCS and IHiS regarding the management of eight research servers which includes the database storing the info of SingHealth patients. And so a clarity in this regard is yet to be testified.

So, more details are awaited!

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display