Key takeaways from Singapore healthcare data breach

Bangalore: This weekend, Singapore is reminded again that no matter how aware we say we are of the importance of cybersecurity, and no matter how much we stress the need to focus on securing our systems, even our seemingly well-secured infrastructure will be breached.

SingHealth, the operator of the country’s largest group of healthcare institutions, revealed that non-medical personal data of 1.5 million patients had been “accessed and copied”, including their national identification number, address, and date of birth. In addition, outpatient medical data of 160,000 patients were compromised.

“The data stolen in this breach is an identity thief’s goldmine,” said Paul Ducklin, Senior Technologist – Sophos. “It’s a startling reminder to all Singaporeans that there is no such thing as ‘cyberattackers would never care about little old me’ – once your data is scooped up in a cybersecurity blunder of this sort, you simply can’t control where it will go next. Anyone affected in this breach has no choice but to assume that their personal information will end up for sale in the cyberunderground, ready for active abuse by cybercrooks.”

Ducklin on how we can avoid such breaches:

Ducklin recommends:

1. Keep a careful watch over all your financial statements – bank accounts, payment cards, loans, pension funds, taxation records and so on. Report any suspicious activity immediately.

2. Talk to your financial institutions about locking down account details in order to make it harder for crooks to try to take over your accounts or to apply for services in your name.

3. Be especially suspicious of unsolicited communications that arrive in the wake of this breach offering any sort of help, or asking for further details “to assist in the investigation.” Social engineers and scammers are experts at preying on people’s fears (and their willingness to help) after security incidents of this sort.

4. If you need help or advice on what to do next, don’t use contact information, web links or phone numbers that were sent to you online – look for contact information on existing invoices, on printed correspondence you received in the past, or by visiting an organisation’s office in person.

“Whether this was a lone hacker who got lucky, a well-oiled cybercrime gang or a state-sponsored attack team won’t get your personal data back, and it won’t change the fact that you can’t control who gets it next. So keep your own eyes open for any attempt to abuse your personal data in the future,” says Ducklin.
