Singapore imposes S$1mil in fines over cyberattack
Singapore: Singapore’s privacy watchdog has imposed fines of S$1mil (RM3mil) on a healthcare provider and an IT agency over a cyberattack that saw health records of about a quarter of the population stolen.
In the city-state’s biggest ever data breach, hackers last year gained access to a government database and made off with the records of 1.5 million people, including Prime Minister Lee Hsien Loong.
An official inquiry last week highlighted a litany of failings, including weaknesses in computer systems and inadequate staff training and resources, and said authorities believed a state was likely behind the attack.
The Personal Data Protection Commission said yesterday that it was fining Integrated Health Information Systems, which runs the IT systems for Singapore’s public healthcare sector, S$750,000 (RM2.2mil).
SingHealth, a healthcare provider which groups some public hospitals and clinics, was hit with a S$250,000 (RM756,000) fine.
The commission said the organisations had failed to “make reasonable security arrangements to protect personal data of individuals”.
The stolen information was “highly sensitive and confidential personal data,” it said.
“It is not difficult to imagine the potential embarrassment that a patient may suffer if such sensitive information about the patient and the patient’s health concerns were made known to all and sundry.”
Officials have not disclosed which state they believe was behind the breach.
Analysts say Russia – which is accused of meddling in the US presidential election – China, Iran and North Korea are believed to have the capability to carry out such attacks.
Singapore’s government says it fends off thousands of cyberattacks daily and has long warned of breaches by actors as varied as high school students in their basements to nation states. — AFP