healthcare data

(Photo by ROSLAN RAHMAN / AFP)

Singapore eye clinic suffers massive cyberattack as healthcare data value increases

Healthcare data often fetches a high value on the dark web. As cybercriminals continue finding weaknesses in healthcare systems, they’re often successful with their attacks as most healthcare providers often lack solid cybersecurity protection.

While some cybercrime groups have vowed to not engage in cybercriminal activities in the healthcare industry, the lucrative prices being paid for healthcare data are often very tempting. According to an EY report, in the UK, the NHS data set has a current valuation of several billion pounds and a realization of GBP 9.6 billion per annum in benefits that could be unlocked.

In the Asia Pacific, a McKinsey report showed that digital health in Asia could collectively create up to US$100 billion in value by 2025, up from US$37 billion in 2020. With digital health and the use of technology in healthcare increasing in the region, the risks that come with them increase as well.

Singapore, known for its modern healthcare facilities, recently saw a massive ransomware attack on a specialist medical clinic, the Eye & Retina Surgeons (ERS).

According to a statement from the Ministry of Health Singapore (MOH), the incident affected their server and the clinic’s management system, which contains data on over 73,000 patients. However, the clinic’s compromised systems are not connected to MOH’s IT systems, such as the National Electronic Health Record.  So far, there have been no similar cyberattacks on MOH’s IT systems.

(Photo by Roslan RAHMAN / AFP)

This is the second time a major healthcare institution in Singapore was targeted by cybercriminals. In 2018, SingHealth, Singapore’s largest group of healthcare institutions, suffered a data breach. Seen by many as possibly the worst data breach in the republic’s history, it affected 1.5 million SingHealth patients, including politicians and Prime Minister Lee Hsein Loong himself.

MOH had since requested ERS to investigate the incident, carry out a thorough review of its systems, and work with the Cyber Security Agency of Singapore to take immediate mitigating actions to strengthen its cyber defense.

Healthcare industries are easy targets

Tech Wire Asia reached out to several cybersecurity experts to get their views on the latest ransomware attack.

According to Jeffrey Kok, Vice President, Solution Engineers of the Asia Pacific and Japan at CyberArk, ransomware as a threat is growing, with ransomware-as-a-service increasing in incidents. As such, seeing malware of this nature is more common, and there will most likely be an acceleration of this trend.

“It’s important to note as well that attackers are moving beyond “spray and pray” tactics, increasingly targeting specific organizations for very specific reasons, often using supply chain providers to help achieve their goals, as in the case of Kaseya,” said Kok.

He added that attackers are putting in the work in advance, pooling resources, conducting lengthy reconnaissance on their intended victims. They carefully engineer tactics to reach specific individuals who have direct access to critical assets and systems.

Oded Vanunu, Head of Products Vulnerability Research at Check Point Software Technologies, highlighted that health care vendors are favorite targets of cybercriminals. In the event a shutdown occurs, the hacking team has a very high chance to highly profit due to the nature of the target and the implication.

“These targets have usually held a piece of private information including health history records that are highly demanded on darknet networks. From what we see in general, small health clinics are not prepared for such sophisticated cyberattacks,” said Vanunu.

Importance of the right mitigation strategies

At the same time, Kok feels there are mitigation strategies proven to be 100% effective against almost all variants of ransomware. One of these is a multi-layer approach that includes using anti-viruses, EDR (endpoint detection and response) and having sufficient backups. It also incorporates practices that restrict application read/write/modify permissions, thus only allowing approved applications, and elevating privileges only when needed. This approach would also assess the file types that are of most value to the organization.

Meanwhile, Jonathan Knudsen, Senior Security Strategist, Synopsys Software Integrity Group, pointed out that every organization today can be considered a software organization, even an eye clinic. He explained that all organizations, no matter their size or industry, must include cybersecurity as part of their day-to-day operations. A comprehensive, proactive approach to security reduces the risk for the organization and its customers.

(Photo by ROSLAN RAHMAN / AFP)

“In the case of (the clinic) ERS, segmenting the network between administrative functions and medical data was a smart defensive move and prevented this attack from being much worse. This technique is part of the basic security hygiene that all organizations should practice,” explained Knudsen.

With that said, the healthcare industry needs to take cybersecurity much more seriously. Regulators also need to start ensuring how healthcare providers are managing their data and that ensure access to these data is monitored as well. Only with proper regulations can healthcare data be taken a bit more seriously.

At the end of the day, healthcare professionals are more focused on caring for and treating their patients. Their lack of understanding of the importance of healthcare data security and data privacy could eventually be reasons for breaches as well.

After all, the weakest link in any organization is always the users.