Singapore’s privacy watchdog has levied fines totaling over $1 million against those responsible for the massive 2018 SingHealth data breach. Last July, hackers infiltrated the databases of SingHealth, the largest group of healthcare institutions in Singapore. The hackers were able to exfiltrate the personal information of 1.5 million patients, including Prime Minister Lee Hsien Loong.
Prior to the incident, SingHealth had delegated its cyber security operations entirely to IT vendor Integrated Health Information Services (IHiS). The Committee of Inquiry (COI) has found both organizations guilty of failing to secure patient data, levying fines of $750,000 against IHiS and $250,000 against SingHealth."Even if organizations delegate work to vendors, organizations as data controllers must ultimately take responsibility for the personal data that they have collected from their customers," said the Personal Data Protection Commission.
The fallout from the SingHealth data breach continues to reverberate across the healthcare sector, with Singapore's privacy watchdog dishing out hefty fines totalling $1 million against those responsible for the lapse and a slew of cyber security measures being rolled out to safeguard critical systems. Updating Parliament yesterday on the heels of a detailed report by the high-level Committee of Inquiry (COI) that investigated last June's cyber attack on SingHealth, Singapore's largest healthcare cluster, two ministers acknowledged the shortcomings that had been identified and detailed the steps being taken to rectify them. The Personal Data Protection Commission (PDPC) had found both SingHealth and its IT vendor Integrated Health Information Systems (IHiS) guilty of failing to secure patient data. The cyber attack had compromised the personal information of 1.5 million patients, including Prime Minister Lee Hsien Loong.