Singapore imposes fines over major cyber attack


SINGAPORE • Singapore’s privacy watchdog yesterday imposed fines of S$1 million (RM3.03 million) on a healthcare provider and an IT agency over a cyber attack that saw health records of about quarter of the population stolen.

In the city-state’s biggest ever data breach, hackers last year gained access to a government database and made off with the records of 1.5 million people, with Prime Minister Lee Hsien Loong among those targeted.

An official inquiry last week highlighted a litany of failings, including weaknesses in computer systems and inadequate staff training and resources, and said authorities believe a state was likely behind the attack.

The official Personal Data Protection Commission announced it was fining Integrated Health Information Systems, which runs the IT systems for Singapore’s public healthcare sector, S$750,000.

SingHealth, a healthcare provider which groups some public hospitals and clinics, was hit with a S$250,000 fine.

The commission said the organisations had failed to “make reasonable security arrangements to protect personal data of individuals”.

The stolen information was “highly sensitive and confidential personal data”, it said.

Officials have not disclosed which state they believe was behind the breach, which occurred between June 27 and July 4.

The compromised data included personal information and medication dispensed to patients.