Why Cyber Security is Critical - A Case In Point

The recent unfortunate cyber breach of healthcare group, SingHealth, has reportedly impacted almost 1.5 million patients who visited SingHealth’s specialist outpatient clinics and polyclinics between 1 May 2015 and 4 July 2018. During the cyber breach, non-medical personal details were reported to have been illegally accessed and copied. In addition, outpatient medical data of up to 160,000 patients were compromised. The stolen data included patients' names, identification numbers, addresses, gender, race, and dates of birth.
 
SingHealth, as well as Integrated Health Information Systems (the technology outsourcing arm of public hospitals in Singapore), are bound by the Personal Data Protection Act (PDPA) which has been in force since July 2014 and requires organisations to protect consumers' personal data or risk fines up to $1 million. As the recent cyber attack on SingHealth involved consumers' personal data, the Personal Data Protection Commission (PDPC) will be investigating issues associated with PDPA compliance, arising from the incident.
 
Further, the Monetary Authority of Singapore (MAS) has notified all financial institutions ("FI") in Singapore, that as a result of this cyber breach, FIs can no longer rely solely on the types of data that were illegally accessed in the cyberattack, during FIs' verification of their customers’ identities. Additional information should be used for verification purposes (e.g. biometrics, one-time passwords).
 
The SingHealth cyber breach is potentially a case in point for the enormous costs that can arise from cyber attacks. Besides immediate monetary costs associated with financial damages and regulatory fines, as well as the financial costs of recovering compromised data and systems, cyber attacks can result in much more serious, non-financial, and longer-term costs arising from loss of reputation and confidence in the service providers. The enormous potential costs associated with cyber attacks mean that organisations of today can no longer afford to ignore cybersecurity, which should be accorded top priority in all holistic risk management plans.

For more details on how to better manage your cybersecurity, or a review of your organisation's cybersecurity risks, please reach out to your usual Moore Stephens contact, or email us at chrisjohnson@moorestephens.com.sg.