NRICs, home addresses of doctors among data leaked from Academy of Medicine, Singapore

THE personal information of some 50 doctors linked to the Academy of Medicine, Singapore (AMS), including senior figures in the medical fraternity, have been put up on the dark web by a Russian-based ransomware gang since Sunday (Sep 10).

The affected doctors include both locals and foreigners, ranging from the academy’s directors, its teachers, as well as students who are undergoing advanced specialist training in Singapore.

In the 13.66 GB database obtained by The Straits Times, personal information such as NRIC numbers and home addresses could be seen, as well as the log-in credentials for AMS’ social media accounts and a list of its staff and their mobile numbers.

The staff contact list was correct as at May, with an earlier version from 2019 in a folder labelled “To be deleted”.

This folder also contained a 2021 contract, which listed the recipient’s home address, and letters that granted a lifetime fellowship for members above the age of 65 and who have paid for at least 10 years of membership.

The letters were dated March 23, 2022, with five out of nine including the recipients’ home addresses.

Another folder contained letters from Brunei’s Public Service Department, outlining the allowances that seven Bruneian doctors would receive as they undergo specialist training here.

An AMS spokesman told ST that its servers had been subjected to a ransomware attack, which it discovered on Jul 13.

The group responsible – Lockbit 3.0 – had put the data up on the dark web for free at 4.41 am.

SEE ALSO

Cortina sets up hotline, steps up staff training after data leak 

As one of the most prolific groups in the cyber-criminal space, the ransomware gang holds the dubious distinction of being the most active in the world in 2022, with a tally of 913 cyberattacks.

It had earlier published data taken from luxury retailer Cortina Watch in June, as well as that of the world’s largest chipmaker Taiwan Semiconductor Manufacturing Company in the same month.

Once AMS discovered its servers had been compromised, they were immediately taken offline, said the spokesman.

“The immediate measures included appointing cyber-security and legal experts who were tasked to work with us to review and strengthen the academy’s cybersecurity infrastructure while investigations were ongoing,” he added.

Besides lodging reports with the police and the Cyber Security Agency of Singapore the same day it discovered the attack, AMS also made a report to the Personal Data Protection Commission (PDPC) during the course of investigations.

The spokesman said that AMS has also informed its members and individuals who have had dealings with the academy about the potential data breach and urged them to take precautions. They have since been told that the data stored was confirmed to have been breached.

In light of the ransomware attack, AMS has installed an enhanced firewall and implemented multifactor authentication, among several other measures that were recommended by its cybersecurity experts.

ST has contacted the PDPC for more information. THE STRAITS TIMES