Health check: Lessons from the recent Singapore data breach – part 1

Thanks to increased connectivity, data is fuelling our digital economy and creating new opportunities in a huge range of different areas such as agriculture, health and manufacturing to name a few. Data is valuable, which makes it an enticing commodity for legitimate and malicious parties alike.

As technology becomes increasingly woven into the fabric of our lives, so too does the threat of cyber-attack. This new reality was recently highlighted when SingHealth, Singapore’s largest healthcare provider, became the victim of a large-scale cyber-attack. The breach resulted in criminals acquiring 1.5 million SingHealth patients’ non-medical personal data. 160,000 of those records contained sensitive information about the patients’ dispensed medicines’ records as well. According to government sources, this makes it the “most serious breach of personal data” recorded in Singapore’s history. It also highlights that no one is exempt from data theft, not even Singapore’s Prime Minister Lee Hsieng Loong, who was also targeted in the attack.

Confronting the cost of data breaches

According to Juniper Research, the cost of data breaches globally is expected to skyrocket to $2 trillion by 2019, highlighting their financial impact. They also affect the bottom line. Last week, Facebook published its Q2 financial results, prompting a $15bn drop in its share value in a single day, with many pointing to its recent data scandals as the trigger.

However, it’s not all doom and gloom. In many ways, this has been a watershed moment for cyber security, with consumers and businesses waking up to the importance of data security. 2018 kicked off with the launch of a “Global Centre for Cybersecurity” at the World Economic Forum in Davos. This year we also saw the General Data Protection Regulation (GDPR) come into enforcement in Europe in May. Globally, we are seeing a growing response to the cyber criminals, and a concerted effort to make organisations take responsibility for their customers’ data.

The SingHealth breach has also already triggered action among Singapore’s financial institutions. The Monetary Authority of Singapore (MAS) last week issued a directive to banks to ensure that they do not solely rely on the kind of information that was stolen during the breach such as name, phone number, address or date of birth.

While it’s great to see a growing response to data protection, businesses should be looking at their own processes and thinking about how they can evolve to address the fluid nature of cyber threats.

In part two of this blog I will discuss how businesses can address cyber-attacks at source.

Read our previous blog about the security challenges which face the IoT here.