Data breaches have become commonplace, with reports of new businesses and customer data being compromised regularly. It’s created a world where every customer across the globe is wondering when – not if – their information will end up on the Dark Web, and what the next major breach will be.
One of the latest victims is Singapore’s largest healthcare provider, SingHealth, which acknowledged it suffered a major data breach impacting about a quarter of the country’s population – including Prime Minister Lee Hsien Loong. Abnormal activity on the network was first detected on July 4, which was shortly thereafter confirmed as a cyber attack that began on June 27 and was initiated when thieves gained access to a front-end workstation.
SingHealth has since sent text messages to some 700,000 customers who visited its clinics in the past three years notifying them of the breach and has set up a website for patients to check whether their information was compromised. The hackers gained access to personal information; including names, addresses, birth dates, and identity card numbers. About 160,000 patients also had their outpatient medication data accessed.
Singapore’s Ministry of Communications and Information and Ministry of Health indicated that the hackers specifically targeted the Prime Minister’s information, and Lee commented on Facebook, “Perhaps they were hunting for some dark state secret, or at least something to embarrass me. If so, they would have been disappointed. My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it.”
An investigation is still undergoing but, regardless of motive, this is the latest large-scale attack on the healthcare industry. The UK’s National Health Service was shut down by last year’s WannaCry epidemic, and back in 2015, Anthem, the second largest health insurance provider in the U.S. experienced a breach of about 79 million patients’ personal information.
Whether this signifies a major security crisis in the healthcare sector or not, it certainly shows that the industry is a major target and standards are not enough to thwart attacks. While no medical records were accessed in the SingHealth attack, it’s another case of personal information being stolen and likely ending up for sale to the highest bidder.
Customers, then, are forced to wonder how they can keep their information secure and prevent identity fraud. The answer, unfortunately, is there’s little individuals can do to impact corporate security, especially with cyber criminals constantly using new and enhanced tactics. But, customers can help protect themselves on a personal level by properly managing their passwords and regularly monitoring their own accounts for suspicious activity. In the U.S., the FTC has mandated that each of the three major credit reporting agencies provide one free credit report to each person every 12 months.
On a corporate level, company executives have to make investments in the latest security technologies and experienced personnel, and they must be diligent in continuously monitoring for attacks. No company is too small, nor too large. If you’re serious about your corporate security posture, find out how VoiceVault can help prevent you from becoming the next SingHealth.