Incident: Data Breach in Singapore Health Database due to Malware Infection

Published Date: 2018-07-20

Postmortem Analysis
Timeline
1. The software failure incident of the Singapore personal data hack targeting the government health database happened between 27 June and 4 July [73432].

System
The system that failed in the software failure incident reported in Article 73432 was the government health database of SingHealth in Singapore. The breach occurred due to malware infecting a computer belonging to SingHealth, allowing hackers to gain unauthorized access to the database [73432].
1. Government health database of SingHealth

Responsible Organization
1. Hackers targeted the government health database in Singapore, causing the software failure incident [73432].

Impacted Organization
1. Singapore government health database [73432]

Software Causes
1. The software cause of the failure incident was the infection of a computer belonging to SingHealth with malware, which allowed hackers to gain access to the government health database [73432].

Non-software Causes
1. The breach occurred due to a computer belonging to SingHealth being infected with malware, allowing hackers to gain access to the database [73432].

Impacts
1. Personal data of 1.5 million people in Singapore was stolen, including names, addresses, and outpatient dispensed medicines information, affecting about a quarter of the population [73432].
2. The Prime Minister of Singapore, Lee Hsien Loong, had his personal data, including outpatient dispensed medicines information, specifically targeted multiple times [73432].
3. The breach occurred through malware infecting a computer belonging to SingHealth, one of Singapore's major government healthcare groups, leading to unauthorized access to the government health database [73432].
4. The incident raised concerns about the vulnerability of Singapore to hacking, prompting the government to implement stricter cybersecurity measures, such as disconnecting certain key ministries from the internet [73432].
5. Health services are often targeted in cyber-attacks due to the valuable information they hold, making them attractive targets for hackers [73432].

Preventions
1. Implementing robust cybersecurity measures such as regular security audits, penetration testing, and intrusion detection systems could have potentially prevented the software failure incident [73432].
2. Ensuring timely software updates and patches to address vulnerabilities in the system could have helped in preventing the breach [73432].
3. Educating employees on cybersecurity best practices, including avoiding clicking on suspicious links or downloading unknown attachments, could have enhanced the overall security posture of the organization [73432].
4. Implementing a multi-factor authentication system could have added an extra layer of security to prevent unauthorized access to sensitive databases [73432].

Fixes
1. Implementing robust cybersecurity measures such as regular security audits, penetration testing, and intrusion detection systems to prevent malware infections and unauthorized access [73432].
2. Enhancing employee training on cybersecurity best practices to prevent phishing attacks and improve overall security awareness within the organization [73432].
3. Strengthening network segmentation and access controls to limit the spread of malware within the system and protect sensitive data [73432].
4. Regularly updating and patching software and systems to address known vulnerabilities and reduce the risk of exploitation by hackers [73432].
5. Implementing encryption protocols to protect sensitive data both at rest and in transit, enhancing overall data security [73432].

References
1. Government statement
2. Prime Minister Lee Hsien Loong's website
3. Eric Hoh, Asia Pacific president of security company FireEye [73432]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization, multiple_organization (a) The software failure incident having happened again at one_organization: - In 2013, Prime Minister Lee Hsien Loong's official website was "compromised" by hackers claiming to be members of the hacking group Anonymous [73432]. - The recent incident in 2018 involved the breach of the government health database in Singapore, specifically targeting the data of Prime Minister Lee Hsien Loong, including information on his outpatient dispensed medicines [73432]. (b) The software failure incident having happened again at multiple_organization: - The article mentions high-profile cyber-attacks in other countries, such as Germany, the US, UK, and North Korea, indicating that similar incidents have occurred in multiple organizations globally [73432].
Phase (Design/Operation) design, operation (a) The software failure incident in Article 73432 occurred due to a design-related contributing factor introduced during system development. The breach into the government health database in Singapore was a result of hackers gaining access to the database through malware that infected a computer belonging to SingHealth, one of the state's major government healthcare groups. This breach was described as a "deliberate, targeted and well-planned" attack, indicating a flaw in the design or security measures of the system [73432]. (b) The software failure incident in Article 73432 also involved contributing factors introduced during the operation of the system. The breach was facilitated by the operation of the infected computer within SingHealth, allowing the hackers to gain access to the database. This highlights the importance of operational security measures and the potential for misuse of systems to lead to software failures [73432].
Boundary (Internal/External) within_system (a) within_system: The software failure incident in Singapore, where hackers stole personal data from the government health database, was due to a breach that originated from within the system. The hackers gained access to the database by infecting a computer belonging to SingHealth with malware, allowing them to extract data on 1.5 million individuals [73432].
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident occurring due to non-human actions: The software failure incident in Singapore, where hackers stole personal data belonging to 1.5 million people, was a result of the systems being breached through malware infecting a computer belonging to SingHealth, one of the state's major government healthcare groups. The hackers gained access to the government health database through this malware, which was a non-human action introduced into the system [73432]. (b) The software failure incident occurring due to human actions: In the same incident, it was reported that the hackers broke into the government health database in a "deliberate, targeted, and well-planned" attack. This indicates that the failure was also a result of human actions, specifically the deliberate actions of the hackers to breach the system and steal personal data [73432].
Dimension (Hardware/Software) hardware (a) The software failure incident occurring due to hardware: The software failure incident in Singapore, where hackers stole personal data from the government health database, was attributed to a hardware-related issue. It was mentioned that the breach occurred when a computer belonging to SingHealth, one of the state's major government healthcare groups, was infected with malware, allowing the hackers to gain access to the database [73432]. (b) The software failure incident occurring due to software: The software failure incident in Singapore, involving the theft of personal data from the government health database, was primarily caused by software-related factors. Hackers exploited a vulnerability in the system by infecting a computer with malware, which enabled them to access the database and steal sensitive information [73432].
Objective (Malicious/Non-malicious) malicious (a) The objective of the software failure incident was malicious: - The software failure incident in Singapore, where hackers stole personal data belonging to 1.5 million people, was a deliberate, targeted, and well-planned attack on the government health database [73432]. - The hackers gained access to the database by infecting a computer belonging to SingHealth with malware, indicating a malicious intent to breach the system and steal sensitive information [73432]. - Prime Minister Lee Hsien Loong's personal data, including information on his outpatient dispensed medicines, was specifically and repeatedly targeted, showing a deliberate attempt to access sensitive information [73432]. (b) The objective of the software failure incident was non-malicious: - There is no indication in the articles that the software failure incident was non-malicious.
Intent (Poor/Accidental Decisions) poor_decisions (a) The intent of the software failure incident was due to poor_decisions. The breach into the government health database in Singapore was described as a "deliberate, targeted and well-planned" attack by hackers [73432]. This indicates that the hackers made intentional decisions to carry out the attack, rather than it being accidental or unintended.
Capability (Incompetence/Accidental) accidental (a) The software failure incident in Singapore, where hackers stole personal data belonging to 1.5 million people, was not attributed to development incompetence but rather to a deliberate, targeted, and well-planned attack. The breach occurred through malware infecting a computer belonging to SingHealth, one of the state's major government healthcare groups, allowing hackers to gain access to the database [73432]. (b) The software failure incident in Singapore, resulting from the data breach, was accidental in the sense that the hackers gained access to the government health database through malware infection, which was not intentionally introduced by the organization but rather exploited by the attackers. The breach was not caused by accidental factors but rather by a deliberate and targeted cyber-attack [73432].
Duration permanent, temporary (a) The software failure incident in the reported hack on the Singapore government health database can be considered permanent. The breach was described as a "deliberate, targeted and well-planned" attack by hackers who gained access to the database through malware infecting a computer belonging to SingHealth [73432]. The incident resulted in the theft of personal data belonging to about 1.5 million people, including specific targeting of Prime Minister Lee Hsien Loong's information on outpatient dispensed medicines. The breach was not limited to a specific timeframe but was a result of deliberate actions by the hackers to access and steal sensitive information from the database. (b) The software failure incident can also be considered temporary in the sense that the breach occurred within a specific timeframe between 27 June and 4 July [73432]. This indicates that the breach was not a continuous failure but rather a specific incident that took place over a limited period. The breach was identified and reported, leading to immediate actions to address the vulnerability and prevent further unauthorized access to the database.
Behaviour crash, other (a) crash: The software failure incident in the article can be categorized as a crash. The system lost its state and did not perform its intended functions due to being breached by hackers who gained access to the database [73432]. (b) omission: There is no specific mention of the software failure incident being due to the system omitting to perform its intended functions at an instance(s) in the article. (c) timing: The software failure incident is not related to the system performing its intended functions correctly but too late or too early. (d) value: The software failure incident is not related to the system performing its intended functions incorrectly. (e) byzantine: The software failure incident is not related to the system behaving erroneously with inconsistent responses and interactions. (f) other: The software failure incident in the article can be categorized as a deliberate, targeted, and well-planned attack by hackers who infected the system with malware, leading to the breach of the database [73432].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property, non-human, other (a) death: People lost their lives due to the software failure - No information about people losing their lives due to the software failure incident was mentioned in the articles [73432]. (b) harm: People were physically harmed due to the software failure - No information about people being physically harmed due to the software failure incident was mentioned in the articles [73432]. (c) basic: People's access to food or shelter was impacted because of the software failure - No information about people's access to food or shelter being impacted due to the software failure incident was mentioned in the articles [73432]. (d) property: People's material goods, money, or data was impacted due to the software failure - The software failure incident resulted in hackers stealing personal data belonging to 1.5 million people in Singapore, including names, addresses, and information on outpatient dispensed medicines [73432]. (e) delay: People had to postpone an activity due to the software failure - No information about people having to postpone an activity due to the software failure incident was mentioned in the articles [73432]. (f) non-human: Non-human entities were impacted due to the software failure - The software failure incident targeted the government health database in Singapore, affecting personal data records but not medical records [73432]. (g) no_consequence: There were no real observed consequences of the software failure - The software failure incident had real observed consequences, such as the theft of personal data of 1.5 million individuals in Singapore [73432]. (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur - The articles did not mention any potential consequences discussed that did not occur as a result of the software failure incident [73432]. (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? - The software failure incident led to the theft of personal data, specifically targeting the outpatient dispensed medicines information of about 160,000 patients, including the Prime Minister's data [73432].
Domain health, government (a) The failed system was related to the health industry as it targeted the government health database in Singapore, affecting approximately 1.5 million people [73432]. (j) The incident specifically targeted health services as hackers gained access to the database of the government health system, stealing personal data of individuals who visited clinics between May 2015 and July 2018 [73432].
