Thread: ‘Leaders must be able to take criticism, acknowledge mistakes’: PM Lee
View Single Post
  #1165  
Old 23-07-2018, 10:04 PM
NotMyPresident's Avatar
NotMyPresident NotMyPresident is offline
Samster
  
Join Date: Sep 2017
Posts: 126
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
My Reputation: Points: 358 / Power: 8
NotMyPresident is a living Saint! - you won't find betterNotMyPresident is a living Saint! - you won't find betterNotMyPresident is a living Saint! - you won't find betterNotMyPresident is a living Saint! - you won't find better
Re: ‘Leaders must be able to take criticism, acknowledge mistakes’: PM Lee
SingHealth cyberattack: Did authorities respond fast enough to Singapore’s worst personal data breach?


By Kevin Kwang @KevinKwangCNA

23 Jul 2018 07:52PM (Updated: 23 Jul 2018 09:03PM)




SINGAPORE: As the dust settles on the “most serious breach of personal data” in Singapore’s history - which compromised the records of 1.5 million SingHealth patients, including Prime Minister Lee Hsien Loong - questions have surfaced on whether the authorities responded in a timely enough manner once the threat of a cyberattack was detected.

Database administrators from the Integrated Health Information System (IHIS) detected unusual activity on SingHealth’s IT systems on Jul 4 and put a stop to the data breach activities. It was later that they found out data had been illegally copied and stolen beginning from Jun 27 – eight days before the cyberattack was detected.

From Jul 4 to Jul 9, the administrators continued to monitor the network traffic closely before ascertaining it was a cyberattack and alerted their superiors. On Jul 10, MOH, SingHealth and the Cybersecurity Agency of Singapore (CSA) were informed and forensic investigations carried out.

Mr Jonathan Phua, the co-founder of startup InsiderSecurity, which specialises in early breach detection, told Channel NewsAsia that if an attacker was able to hide in an IT system long enough to steal 1.5 million patients’ records, then the time taken to detect and respond to the threat was “too long”.

But, Mr Phua said it is not easy to detect a sophisticated attacker hiding inside the system, especially if it is state-sponsored – something that other industry experts have stated was a likelihood.

The former DSO National Laboratories researcher pointed to the 2017 Equifax breach, when the personal data of around 150 million US consumers was lost, which was discovered only three months later. Another incident involving the US Office of Personnel Management saw around 20 million employee records stolen in 2015, and that was discovered a year later, he added.


HACK DISCLOSURE A "NOBLE THING TO DO"

Darktrace Asia Pacific managing director Sanjay Aurora said last Friday when news of the hack came to light that for SingHealth to have detected, investigated and reported the incident within a month was a “comparative success”.

“How many other countries around the world are capable of even detecting this attack within a month, let alone be able to conduct a full investigation in this short time period?" Mr Aurora said.

Mr Jeff Hurmuses, managing director of Asia Pacific at US-based cybersecurity firm Malwarebytes, also concluded that the IHIS database administrators acted "promptly" to stem the data leak.

"They actually responded to the breach and disclosed it to potentially affected users very quickly," he said.

FireEye’s Asia Pacific president Eric Hoh lauded the Singapore Government’s decision to notify the public of the SingHealth hack.

“CSA and the Singapore Government have done a good job detecting (the cyberattack) in a timely manner and publicly disclosing the incident – which is a very noble thing to do,” Mr Hoh told Channel NewsAsia, adding that the tendency is there for victims to “sweep the matter under the rug”.

Mr Rajesh Sreenivasan, head of Technology, Media and Telecommunications at Rajah & Tann, said in a phone interview that it is “near impossible” to judge if the Singapore authorities had responded to the detection of the breach in a timely manner without knowing the specifics.

“The reality is that (the) breach notification could be done in stages,” Mr Sreenivasan said.

He added: “Sometimes, the cyberattacks could be part of a larger series of attacks, and notifying the public too early could compromise investigations.”

The lawyer also responded to questions over whether IHIS failed to comply with the Cybersecurity Act, which requires owners of critical information infrastructure in 11 key sectors – of which healthcare is part of – to notify Singapore’s cybersecurity commissioner of “a prescribed cybersecurity incident”, among others. It does not state a timeframe for reporting incidents

Read more at https://www.channelnewsasia.com/news...gh-to-10555632