Singapore Expats Forum

Let's wildly speculate about who hacked Singhealth and how incompetent the response has been.

Discuss about the latest news & interesting topics, real life experience or other out of topic discussions with locals & expatriates in Singapore.

User avatar
PNGMK
Governor
Governor
Posts: 5806
Joined: Thu, 21 Mar 2013
Location: Sinkapore

Let's wildly speculate about who hacked Singhealth and how incompetent the response has been.

Postby PNGMK » Sun, 05 Aug 2018 6:19 pm

I'm up to three letters now to my house addressed to three different people apologising for the hack.

They can't even get their own data correct.

State actor hacked it? To get at LSL medical data? That's just what the hackers want you to think.

In the meantime my NRIC and enough data related to it float around the deep web. Damn.
IANAL. IANACPA. IANA Teacher.
Arrested? Lawyer Up
International School job? School website or http://www.ISS.edu
School advice? Avoid for profit schools
Tax advice? CPA
Pay me $5k for 100% success filling in PR form!

bgd
Editor
Editor
Posts: 1411
Joined: Wed, 25 Jul 2007

Re: Let's wildly speculate about who hacked Singhealth and how incompetent the response has been.

Postby bgd » Mon, 06 Aug 2018 10:13 am

How can the hackers monetize the data - is there enough info to be useful and is the quantity large enough? Numbers are pretty small by recent standards.

If they can't then you look to who else might be interested in it, which is where your State actors may come into play. However from the one letter we have received they "say" only identifying data was compromised, not medical records, so doesn't seem that useful. Perhaps the embarrassment factor is enough.

Maybe just some kid in his bedroom experimenting with tools he found on the net.

User avatar
PNGMK
Governor
Governor
Posts: 5806
Joined: Thu, 21 Mar 2013
Location: Sinkapore

Re: Let's wildly speculate about who hacked Singhealth and how incompetent the response has been.

Postby PNGMK » Mon, 06 Aug 2018 2:35 pm

Hi BGD. The problem is there is no obvious way to lock down the system (i.e. stop people misusing the data - i.e. a credit freeze or whatever). All it takes is this data and some reasonably good NRIC cards with the data and they can do a lot of harm to your credit - so yes I think they will be trying to monetize it. Even if it's a state actor they may still offer on the dark web to distract the investigators.

Who hacked it? Someone with a pretty good toolset - I doubt a script kiddie could have done it. It's appalling that it could happen and that the data wasn't properly segmented and separated into DMZ's. I truly hope Singapore Intelligence gets this one sorted. I've never, ever liked having all my data linked to one key (my IC).
IANAL. IANACPA. IANA Teacher.
Arrested? Lawyer Up
International School job? School website or http://www.ISS.edu
School advice? Avoid for profit schools
Tax advice? CPA
Pay me $5k for 100% success filling in PR form!

bgd
Editor
Editor
Posts: 1411
Joined: Wed, 25 Jul 2007

Re: Let's wildly speculate about who hacked Singhealth and how incompetent the response has been.

Postby bgd » Tue, 07 Aug 2018 9:56 am

I have a certain amount of sympathy for the intrusion, it's difficult to remove the human element.

I get several malicious phishing emails a week. Easy to spot and we have a mechanism to route to a security group who deal with them and also feedback. The same group send out periodic test mails, again easy to spot. But it amazes me how often well trained IT professionals click on these mails. What chance does a government department have?

As to how the data was stored and segregated, that's a different matter.


  • Similar Topics
    Replies
    Views
    Last post

Return to “General Discussions”

Who is online

Users browsing this forum: No registered users and 5 guests