LESSONS FROM SIN­GA­PORE

BioSpectrum (Asia) - - Bio Edit - Milind Kokje Chief Editor milind.kokje@mmac­tiv.com

The re­cent breach of per­sonal data of a large num­ber of pa­tients in Sin­ga­pore has thrown a very se­ri­ous chal­lenge to the health­care in­dus­try which is mov­ing fast to be more and more dig­i­tal across the world. The sheer mag­ni­tude of the breach ex­plains the level of hacker’s ca­pac­ity to pen­e­trate into the dig­i­tal record sys­tem and se­ri­ous­ness of the is­sue.

Over 1.5 mil­lion pa­tients of SingHealth have lost their per­sonal data. In ad­di­tion 160,000 Out Pa­tient Depart­ment (OPD) pa­tients’ data is also com­pro­mised. Be­sides that a very big num­ber of pa­tients is in­volved in this data breach and equally se­ri­ous is­sue is that even the Prime Min­is­ter, Lee Hsien Loong is one of them. It in­di­cates that even VVIP records are not safe.

The only re­lief is that though the per­sonal data of the pa­tients has been com­pro­mised no other pa­tient records like di­ag­no­sis, test re­sults, doc­tors’ notes were stolen or tam­pered with. There was also no de­tec­tion of any sim­i­lar breach in other lo­cal pub­lic health­care IT records.

As an im­me­di­ate pre­ven­tive mea­sure to stop fur­ther theft, the SingHealth au­thor­i­ties has banned em­ploy­ees from ac­cess­ing the in­ter­net on all of its 28,000 work­sta­tions. But a lot of dam­age has al­ready been done. Dam­age even to im­age, per­cep­tion and be­lief – the in­ci­dent has ma­ligned the im­age of the In­te­grated Health In­for­ma­tion Sys­tem (IHIS) and SingHealth and se­verely af­fected the pa­tients’ per­cep­tion and be­lief that the data they pro­vide to health au­thor­i­ties is com­pletely safe.

The breach came to light when the data­base ad­min­is­tra­tors of the IHIS de­tected un­usual ac­tiv­ity on SingHealth’s IT sys­tem on July 4. Later in­ves­ti­ga­tions showed that the steal­ing and copy­ing of the data had be­gun eight days prior to the de­tec­tion. The data was be­ing stolen since June 27.

This has nat­u­rally raised ques­tions about the late de­tec­tion of the data theft. Ex­perts feel that bet­ter de­tec­tion tools would have been able to iden­tify an un­usual level of daily data ac­cess and du­pli­ca­tion. But it seems to not have not hap­pened. How­ever, some other ex­perts feel that de­tect­ing the breach in eight days is a “com­par­a­tive suc­cess”. Many other coun­tries are not ca­pa­ble of de­tect­ing such breach even within a month.

The ex­perts at­tribute this to the highly het­ero­ge­neous health­care en­vi­ron­ment with var­i­ous de­vices and sys­tems in place which are not op­er­at­ing with uni­form se­cu­rity ef­fec­tive­ness. This, they feel, could be a pos­si­ble cause of the breach.

The data breach has put on hold Sin­ga­pore’s Smart Na­tion plans, more im­por­tantly doc­tors’ manda­tory con­tri­bu­tion to the Na­tional Elec­tronic Health Record (NEHR) project that en­ables shar­ing of pa­tients’ med­i­cal data among hos­pi­tals. Such an on­line ac­cess to a pa­tient’s med­i­cal record is ac­tu­ally very use­ful in an emer­gency sit­u­a­tion. Still, in view of the data breach doc­tors have now ex­pressed con­cern over pro­posed law, mak­ing it com­pul­sory for them to sub­mit pa­tients’ data to na­tional e-records sys­tem. In­ter­est­ingly, FAQs in a brochure on NEHR deals with the ques­tion of data se­cu­rity and the re­sponse says “Rig­or­ous se­cu­rity de­fences de­signed ac­cord­ing to in­dus­try best prac­tices are in place to pro­tect your data…… These de­fences are reg­u­larly re­viewed and en­hanced. ….” De­spite this clear as­sur­ance the pa­tients’ con­fi­dence in the tech­ni­cal sys­tem, no doubt, is go­ing to shat­ter. A lot of ef­forts will be re­quired to re­store the pa­tients’ be­lief in the sys­tem. Even doc­tors will find it dif­fi­cult for some time at least to con­vince the pa­tients to al­low to sub­mit their records to NEHR.

Sin­ga­pore is known for data se­cu­rity due to its strong laws & heavy fines and fast jus­tice sys­tem. Still, such a ma­jor data breach has hap­pened dis­re­gard­ing all these fac­tors. One can imag­ine the sit­u­a­tion in coun­tries where these fac­tors are not so strong. Sin­ga­pore is learn­ing its lessons. But there are more im­por­tant and se­ri­ous lessons other coun­tries need to learn from Sin­ga­pore.

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.