Singapore eye clinic hit by ransomware; data of over 73,000 patients affected
A CYBER ATTACK at private eye clinic Eye & Retina Surgeons (ERS) has compromised the personal data and clinical information of 73,466 patients. This included the patients' addresses, identity card numbers and contact details.
No credit card or bank account information was accessed and there has been no known release of sensitive data into the public domain, said ERS on Wednesday.
The clinic was hit by a ransomware attack on Aug 6. Ransomware, a rapidly evolving global threat, is a form of malware designed to encrypt files on a device. Hackers demand a ransom to decrypt the files, or threaten to leak the data if the company does not pay up.
The attack on ERS is the third case to emerge in Singapore over the past week. Tokio Marine Insurance Singapore said last Monday that some of its internal servers were targeted by ransomware on July 31.
Last Wednesday, The Business Times reported that Singapore-based fintech unicorn Pine Labs became a victim as well. An attacker claimed it obtained private documents between Pine Labs and multiple Indian banks.
ERS said the servers and several computers at its Camden branch were affected, but its IT system at Novena was not. Clinical operations were unaffected and ERS' IT systems have been securely restored.
BT in your inbox
Start and end each day with the latest news stories and analyses delivered straight to your inbox.
The incident has been reported to the police, the Personal Data Protection Commission and the Cyber Security Agency of Singapore (CSA).
"To optimise data security, ERS maintains segregated networks and active medical records are maintained separately on a cloud-based system and thus were not accessed or compromised," ERS said in a statement.
Patients are being informed of the cybersecurity breach. The clinic is working with CSA and the Ministry of Health (MOH) to investigate the causes of the attack.
Separately, MOH said in a statement that the clinic's compromised IT systems are not connected to MOH's IT systems, such as the National Electronic Health Record, and there have been no similar cyberattacks on MOH's IT systems.
Ransomware incidents have the potential to cripple companies, especially small and medium-sized businesses. IBM Security and the Ponemon Institute's 2020 study found that the average total cost of a data breach was US$3.86 million. Reputational impact could also cost a business its clients.
It was enough for CSA to raise the alarm in July. The agency recorded 89 cases in Singapore last year, up from 35 in 2019.
Incidents continued to rise in the first half of this year. A total of 68 cases were reported, already more than double from a year ago. CSA chief David Koh believes this could just be the tip of the iceberg as many cases go unreported.
READ MORE
Copyright SPH Media. All rights reserved.
