Cyber-Attack on Singapore Health Database Paper Example

Retrieved from: https://www.smh.com.au/business/consumer-affairs/attack-on-singapore-health-database-steals-details-of-1-5m-including-pm-20180720-p4zsre.html

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

A major cyber-attack on Singapore's government health database stole the personal information of about 1.5 million people, including Prime Minister Lee Hsien Loong, the government said on Friday.

The "deliberate, targeted and well-planned" attack was aimed at patients who visited clinics between May 2015 and July 4 this year, the Health Ministry said in a statement.

It was not the work of casual hackers or criminal gangs," the ministry said, adding that the attackers targeted details about Lee and the medicines he received.

"The attackers specifically and repeatedly targeted Prime Minister Lee Hsien Loong's particulars and information on his outpatient dispensed medicines," it said.

The news comes as Australians have been given three months to opt out of the federal government's national medical database, My Health Record.

The federal government is automatically assigning each Australian a digital health record unless they opt out.

The decision has stirred up a debate between GPs, peak mental health bodies, hospital staff, privacy advocates and computer security professionals about the benefits these records provide weighed against privacy concerns for such deeply intimate files.

The system promises to centralize health records, allowing patient information to be readily available to various medical professionals across the country, and potentially saving lives by, among other benefits, alerting doctors of patient allergies and medications.

A major concern for some when deciding whether to opt their children out is that, while a digital health file can be cancelled when their children grow older, it cannot be deleted; the government says it will be kept for 30 years after a person's death.

However, after cancellation, the record will be made unavailable to health practitioners.

Priority Intelligence Attacks

Various organizations are embracing technology, and its benefits since the threats from cyber-attacks have been on the increase. Hackers have different motivations and objectives of perpetrating an attack, and it is important to effectively evaluate an incident and collect data that can be used in mitigating future incidences (Krisberg, 2017). Cyber-attacks have become more sophisticated prompting organizations to come up with better security methods to prevent their occurrence. Some of the attacks are not discovered until great losses have been incurred by the organization thus the need to remain vigilant and ensure that systems are secure to mitigate the threats (Krisberg, 2017). The Singapore attack on the public health system is an attack that requires careful evaluation of the facts and data before strategies for mitigating the attack are devised.

The priority intelligence requirements for the attack are as follows:

• What are the limits of the areas of operation within the health care system?
• What are the potential areas of interest?
• What are the growth plans of the public health care system?
• What are the overall priorities of the management of the public health care system?
• What are the risk management priorities?
• What are the structure of Singapore's public healthcare and its influence on the network architecture?
• The regulatory factors that affect the ability of the business to protect it?
• What are the current legislative jurisdictions that can influence the network defense used by the system (Dion, 2018)?
• Which are the current regulatory actions that may affect the health care system operations?
• What is the future expected changes in regulations that may affect the operations of the business?
• Who does the country involve the regulatory agencies for the protection of cyber threats?
• What are the policies and standards applied by the health care system?
• What is the effect of the network topology on the network defense and threat operations?
• Which are the existing private circuits connecting the various departments in the organization?
• What domain name does the healthcare system owners and their use?
• What cloud services are used by the firm?
• Which are the virtual private networks used by the organization for remote access of the database and their effect on the topology of the system?
• What are the existing ISPS and backup/redundant connection (Dion, 2018)?
• What type of threats does the entity fear most?
• What type of threat was the attack?
• What losses were incurred by the health care system?
• What were the consequences of the attack or the expected effects?
• How and when was the attack discovered?
• How were the attackers able to have access to the network used by the health care system?
• What are the existing weaknesses and peculiarities of the network that affect its defense and threat (Dion, 2018)?
• What are some of the incidents that have occurred before the current attack?
• Which are the existing vulnerable trust relationships?
• Who are the hackers and their relation with the organization and the motivating factors for perpetrating the attack?
• Who are the users of the system and what risks do they expose the network?
• Who are the database administrators, their qualifications and role in ensuring the security of the health care system?

References

Dion, M. (2018). Intelligence and Cyber Threat Management. In Cybersecurity Best Practices (pp. 363-392). Springer Vieweg, Wiesbaden.

Krisberg, K. (2017). Cybersecurity: Public health is increasingly facing threats. American Journal of Public Health, 107(8), 1195.

The Sydney Morning Herald. ( 2018). Cyber Attacks on Singapore Health Database. Retrieved from: https://www.smh.com.au/business/consumer-affairs/attack-on-singapore-health-database-steals-details-of-1-5m-including-pm-20180720-p4zsre.html