CP70044O: In Singapore’s Worst Cyber Attack, Hackers Infiltrated the Databases: Security Operations & Assurance Assignment, UoWL, Singapore

Cyber Security Breach

1. In Singapore’s worst cyber attack, hackers infiltrated the databases of SingHealth, the largest group of healthcare institutions here. The personal particulars of 1.5 million patients, including the outpatient prescriptions of Prime Minister Lee Hsien Loong and a few ministers, were stolen.

2. About 1.5 million patients who visited SingHealth’s specialist outpatient clinics and polyclinics from May 1, 2015, to July 4, 2018, had their personal particulars illegally accessed and copied. The records were not tampered with.

3. July 4, 2018. Integrated Health Information Systems (IHiS) detects unusual activity in one of SingHealth’s IT databases. Security measures are taken, including:

a) Changing servers and database administration passwords
b) Restricting domain administration access
c) Monitoring database and system logs
d) Blocking connections to prevent further access

4. July 10, 2018. Ministry of Health (MOH), SingHealth and Cyber Security Agency (CSA) are informed after initial forensic investigations confirm the cyber attack.

5. July 12, 2018. SingHealth files a police report and investigations are ongoing. July 20, 2018. SingHealth starts to contact all patients who visited its specialist outpatient clinics and polyclinics from May 1, 2015, to July 4, 2018, to notify them if their data had been breached.

6. How did it happen? “This was a deliberate, targeted and well-planned cyberattack,” the authorities said. Initial investigations showed that one SingHealth front- end workstation was infected with malware through which the hackers gained access to the database. The data theft happened between June 27 and July 4. More malicious activities were observed during heightened monitoring. But no more data had been stolen. Healthcare services were not disrupted and patient care was not compromised during the attack, said the authorities.

7. The hackers infiltrated the computers of SingHealth, Singapore’s largest group of healthcare institutions. 1.5 million patients’ data stolen. The data stolen included names, NRIC numbers, addresses, gender and race information, and dates of birth. About 160,000 of these patients also had their outpatient prescriptions stolen. The attackers specifically and repeatedly targeted PM Lee’s personal particulars and information on medicine that had been dispensed to him. The authorities say a few ministers were also targeted but declined to identify them.

Task details

The enterprise you work for offers Security Operations Centre (SOC) services and is looking to develop a SOC focused against supporting and providing security services to Healthcare Institutions.

• You as security operations and assurance consultant have been asked to provide an assurance report to improve the situation.

Within your considerations, the following needs to be considered: IISP Security Skill Groups D (Information Assurance Methodologies), F.1 (Incident Management), G (Audit Assurance and Review), and H (Business Continuity Planning and Management).

• Demonstrate skills in security assessment and testing in order to assure a high degree of confidence and trust.
• Identify areas for further investigation and look at one of these areas in addition to the network design.
• Identify key critical success factors in developing this solution.
• State any significant assumptions that have been made.