‘Leaders must be able to take criticism, acknowledge mistakes’: PM Lee

[Woodshake]

Quote:

Originally Posted by NotMyPresident

How to know if the SMS you received was from SingHealth

22 Jul 2018 06:47PM (Updated: 22 Jul 2018 06:49PM)

SINGAPORE: SingHealth has released an advisory showing the actual notifications members of the public should be receiving, following the emergence of fake SMSes purportedly being sent by the healthcare group.

In a Facebook post on Sunday (Jul 22), SingHealth gave details on what the public can look out for to ascertain whether the SMS they received was from SingHealth.

SingHealth said that its name will be reflected as a sender, and that it will not ask for credit card or other financial information.

Earlier on Sunday, SingHealth also said that it had revised the URL sent in the SMSes to www.singhealth.com.sg/cyberattack instead of $$$$$$$/cyber-attack18 after receiving feedback.


"From today, the remaining patients to be contacted will receive the following SMS with the revised URL," said SingHealth in its Facebook post.

Read more at https://www.channelnewsasia.com/news...ealth-10552792


So did anyone receive fake SMS ???

SingHealth should attach a shopping voucher of $100 , then we know it is real .

[Woodshake]

Quote:

Originally Posted by Browncat

I think the female toilet has got some serious design flaws . Need to improve so as to prevent perverts from going in to take pictures of unsuspecting female victims .

Partition all the way up to the ceiling , no gaps on the floor , 1 oxygen mask for breathing ?

[Greytoad]

Quote:

Originally Posted by Browncat

like this how can we ever trust the PAP government to protect us ??? This is a serious breach of data .

Pay protection fee la, then they'll protect us

[sharklaserscom]

Quote:

Originally Posted by Greytoad

Pay protection fee la, then they'll protect us

Already highest paid

[EnjoyLife99]

Quote:

Originally Posted by NotMyPresident

more at : http://theindependent.sg/no-strong-c...hocking-claim/

Joy upped back =)

[NotMyPresident]

“Health records” hacking: “Protection” vs “Surveillance”?

Published on 2018-07-23 by Leong Sze Hian


Are we spending too much on “surveillance, propaganda and influencing”, relative to protecting our systems?

I refer to the article “Here’s why we should all be concerned about the hack on SingHealth” (unscrambledsg, Jul 21).

It states that


“First concern is whether this is just a dress rehearsal for something bigger, something more sinister.

Are the culprits just sending a message with this hack? It could be them telling us: “Today I can hack your medical systems. Tomorrow, it’ll be something more deadly”.

And even if they can’t really do more harm than stealing medical histories, planting that seed of doubt alone is already harmful.

Then there is the loss of confidence in the government. There are already people blaming the government.

It will take immediate action to strengthen our public sector IT systems and databases against similar cybersecurity attacks. And a Committee of Inquiry will be formed to conduct an independent external review. We will get to the bottom of this.”

According to the article “Singapore an advanced surveillance state, but citizens don’t mind” (techinasia, Nov 26, 2013) – “Leaks of top secret documents by intelligence whistleblower Edward Snowden has exposed Singapore as a key “third party” providing five countries, including the United States and Australia, secret access to Malaysia’s communications data.

However, the news, which suggests that the state has the resources to spy on its own citizens, got little traction within the country. Revealed in August, the pageviews only snowballed recently, and even so, it garnered a weaker reaction than the entrance of extra-marital dating site Ashley Madison into Singapore, a move which sparked an outcry among conservative Singaporeans.

It seems that citizens are more concerned about moral policing than the possibility of having their actions monitored by the state.

Singapore has unfettered access to citizen’s data

The recent leaks about the NSA’s highly organized attempts to spy on the world has not led to an outcry in Singapore. Few ask if the government has PRISM-like programs in place to monitor citizens, but few doubt that the state can get private data whenever it wants. It’s an accepted but hidden fact of life.

Online services and Internet Service Providers (ISPs) in Singapore are at the mercy of the government. Laws are so broadly phrased that the government can obtain access to sensitive data like text messages, e-mail, call logs, and web surfing history without court permission. Contrast this with the United States, where a court order or search warrant is required to obtain data without the user’s knowledge.

Singapore’s Computer Misuse and Cybersecurity Act has been amended to let the government compel organizations to do pre-emptive surveillance. The Criminal Procedure Code is phrased in such a way to enable investigators to forcibly obtain any information they need.

The newly enacted Personal Data Protection Act, meanwhile, is aimed more at restricting companies’ use of private data. Government agencies are exempted from most parts of the Act.


more at : https://www.theonlinecitizen.com/201...-surveillance/

[NotMyPresident]

SingHealth Cyberattack: Another military general, another epic failure?

Published on 2018-07-23 by The Online Citizen


The practice of parachuting military generals into top civilian organizations has been questioned recently.

Secretary-General of the Singapore Democratic Party Dr. Chee Soon Juan noted that these military men are given "a meteor-like rise through the ranks [and] many of these high-achievers are farmed out as corporate chieftains to one of a plethora of government-linked companies (GLCs)." However, the "reality is never quite as awesome"

Citing examples such as Ng Yat Chung, Desmond Kuek and Lui Tuck Yew, Dr. Chee believed that these Ministers have led their parent organisations to failure but were shielded from any negative repercussions.

"[Former Chief of Navy] Lui Tuck Yew, joined the PAP and stood for elections in 2006. He was subsequently appointed transport minister whose unfortunate portfolio included having to do battle with a devilishly uncooperative train system".

"The trains won, of course. After a major system disruption in 2015 that caused much public unhappiness just before the elections, Mr. Lui threw in the towel and chose not to stand for re-election. No worries, though, he was appointed ambassador to Japan in 2017".

2017: Former Army General to lead 2 new cybersecurity organisations

Last year, it was reported that another former military general – BG David Koh – will be in charge of two newly created cybersecurity organisations.

The first was the new Defence Cyber Organisation (DCO) to bolster the nation's defences against online attacks. The second was the Cyber Security Agency (CSA), which came under the Prime Minister’s Office and was tasked with “coordinating public- and private-sector efforts to protect critical national systems”.

With these new organisations, the budget for cyber-security spending in Singapore would be increased. From 5% of the entire info-communications technology budget, it will now take up 8%. The Straits Times reported that Singapore spent S$408.6 million on cyber security for the fiscal year of 2014. In other words, BG Koh's two organisations would be spending as much as $650 million a year on cyber-security.

The report also added that BG Koh graduated from King's College London with a bachelor's degree in electrical and electronics engineering and a Master's in public administration from Harvard University. Amongst his previous roles include: Chief Signal Officer and Head of Joint Communications and Information Systems Department in the Joint Staff.

David Koh in April 2018: We must be vigilant and resilient towards cyberattacks

In an interview with Channel NewsAsia earlier this year (17 Apr), BG Koh had warned that the internet was not designed for cyber-security and vigilance was needed.

He cited an example on how his daughter would leave her computer in “sleep” mode instead of shutting it down; he felt that this was not safe as hackers would be still able to access the computer so as long as it was not turned off.

Above all these, he acknowledged that it was a matter of when – rather than if - a major cyberattack would hit Singapore. When that happened, the onus would be on the Government to ensure that they are able to detect the breach, while keeping the networks and recovery as resilient as possible.

“When something goes wrong… then the issue is how we react to the incident. The assurance that I will give is that we will put out information as quickly and as accurately as we can."

In July 2018: timeline of cyberattacks on SingHealth does not inspire confidence Friday

Indeed, BG Koh was proven right when he predicted the major cyberattack when it happened barely less than 2.5 months later. Unfortunately, the sequence of events does not inspire confidence. Several key questions are raised by the whole incident which was not answered in the press release.



more at : https://www.theonlinecitizen.com/201...-epic-failure/

[NotMyPresident]

Singhealth CEO is Defence Minister Ng Eng Hen’s wife


By Jewel Stolarchuk -

July 23, 2018


Several netizens are pointing out that Singhealth’s chief executive is Defence Minister Dr Ng Eng Hen’s wife, Dr Ivy Ng, in the aftermath of the massive Singhealth data breach that has affected 1.5 million people.

On Friday, Facebook user Phillip Ang shared the following picture on social media and pointed out that Dr Ivy Ng is ruling party politician Dr Ng Eng Hen’s wife. Ang’s post has been shared nearly 300 times on his Facebook page. Another Facebook group reposted the picture and garnered an additional 180 reactions and 150 shares:

A mother of four aged between 24 and 34, Dr Ivy Ng has served as CEO of Singhealth since 2012, after she left her former position as CEO of KK Women and Children’s Hospital that she had held for eight years. Now 59, Dr Ng had first met her husband when they were both in medical school together.

In 2012, the year she joined Singhealth, Dr Ivy Ng was honoured for her achievements in healthcare and named the Her World Woman of the Year 2011/2012. Published by SPH Magazines, Her World awards the title each year to Singaporean women who have contributed to society, projected a good image of the nation, and are role models for other women:

Meanwhile, the photo which pointed to the fact that Dr Ivy Ng is married to Dr Ng Eng Hen also noted that the chief of the Cyber Security Agency of Singapore (CSA), David Koh Tee Hian, is a Singapore Armed Forces scholar.

The CSA chief made a shocking claim that there is “No strong commercial value” to the stolen data, even though the breach involved the theft of the names, addresses, birth dates, genders and NRIC information of 1.5 million patients. Mr Koh’s remarks are also published on the website of the Ministry of Communication and Information (MCI), under the title: “Singhealth cyberattack: what you need to know”.


more at : http://theindependent.sg/singhealth-...eng-hens-wife/

[NotMyPresident]

SingHealth cyberattack: Internet surfing delinked at all public healthcare clusters


23 Jul 2018 05:14PM (Updated: 23 Jul 2018 06:09PM)



SINGAPORE: Temporary Internet Surfing Separation (ISS) - one of the measures used to step up security following the cyberattack on SingHealth's IT system - has been implemented at the National Healthcare Group (NHG) and National University Health System (NUHS), the health ministry said in a press release on Monday (Jul 23).

This follows the implementation of ISS at SingHealth on Friday, which was in response to the major unprecedented cyberattack on its IT system, in which Prime Minister Lee Hsien Loong was a target.

With NHG and NUHS both adopting the safeguard measure, all public healthcare clusters are now delinked from Internet surfing.

"The decision to impose ISS is part of the effort of the public healthcare family to strengthen its IT systems against evolving cyber security threats, and more importantly, to safeguard the confidentiality of our patients’ data," said the Ministry of Health (MOH).

"We would like to assure all patients that their safety and care are our priority, and we will work to ensure that these are not compromised as a result of the implementation of ISS and various security measures," it added.

In addition to ISS, other measures that have been put in place to improve IT security include additional controls on workstations and servers, reset of user and systems accounts, and the installation of additional system monitoring controls on IT systems, according to MOH's release.

The move comes after an unprecedented cyberattack at SingHealth, which saw 1.5 million patients' records accessed and copied. Of those patients, 160,000 had their outpatient dispensed medicines' records taken.

The news of the cyberattack was announced on Jul 20.

EXPECT DELAYS SAYS MOH

MOH also cautioned that during this period, patients may experience longer waiting times for consultations, test results and delays in checking their Medisave accounts or making claims, MOH said.

This is because public healthcare institutions rely on accessing other systems through the Internet to deliver multiple services, including the reading of diagnostic reports from laboratories, submission and retrieval of results from screening databases, and birth and death registrations.

As such, some public healthcare institutions, including the polyclinics and community hospitals, will be affected.

As an interim alternative, departments that require Internet access will have to share separate workstations for connection to the Internet.

Read more at https://www.channelnewsasia.com/news...ublic-10555094

[NotMyPresident]

SingHealth cyberattack: Did authorities respond fast enough to Singapore’s worst personal data breach?


By Kevin Kwang @KevinKwangCNA

23 Jul 2018 07:52PM (Updated: 23 Jul 2018 09:03PM)




SINGAPORE: As the dust settles on the “most serious breach of personal data” in Singapore’s history - which compromised the records of 1.5 million SingHealth patients, including Prime Minister Lee Hsien Loong - questions have surfaced on whether the authorities responded in a timely enough manner once the threat of a cyberattack was detected.

Database administrators from the Integrated Health Information System (IHIS) detected unusual activity on SingHealth’s IT systems on Jul 4 and put a stop to the data breach activities. It was later that they found out data had been illegally copied and stolen beginning from Jun 27 – eight days before the cyberattack was detected.

From Jul 4 to Jul 9, the administrators continued to monitor the network traffic closely before ascertaining it was a cyberattack and alerted their superiors. On Jul 10, MOH, SingHealth and the Cybersecurity Agency of Singapore (CSA) were informed and forensic investigations carried out.

Mr Jonathan Phua, the co-founder of startup InsiderSecurity, which specialises in early breach detection, told Channel NewsAsia that if an attacker was able to hide in an IT system long enough to steal 1.5 million patients’ records, then the time taken to detect and respond to the threat was “too long”.

But, Mr Phua said it is not easy to detect a sophisticated attacker hiding inside the system, especially if it is state-sponsored – something that other industry experts have stated was a likelihood.

The former DSO National Laboratories researcher pointed to the 2017 Equifax breach, when the personal data of around 150 million US consumers was lost, which was discovered only three months later. Another incident involving the US Office of Personnel Management saw around 20 million employee records stolen in 2015, and that was discovered a year later, he added.


HACK DISCLOSURE A "NOBLE THING TO DO"

Darktrace Asia Pacific managing director Sanjay Aurora said last Friday when news of the hack came to light that for SingHealth to have detected, investigated and reported the incident within a month was a “comparative success”.

“How many other countries around the world are capable of even detecting this attack within a month, let alone be able to conduct a full investigation in this short time period?" Mr Aurora said.

Mr Jeff Hurmuses, managing director of Asia Pacific at US-based cybersecurity firm Malwarebytes, also concluded that the IHIS database administrators acted "promptly" to stem the data leak.

"They actually responded to the breach and disclosed it to potentially affected users very quickly," he said.

FireEye’s Asia Pacific president Eric Hoh lauded the Singapore Government’s decision to notify the public of the SingHealth hack.

“CSA and the Singapore Government have done a good job detecting (the cyberattack) in a timely manner and publicly disclosing the incident – which is a very noble thing to do,” Mr Hoh told Channel NewsAsia, adding that the tendency is there for victims to “sweep the matter under the rug”.

Mr Rajesh Sreenivasan, head of Technology, Media and Telecommunications at Rajah & Tann, said in a phone interview that it is “near impossible” to judge if the Singapore authorities had responded to the detection of the breach in a timely manner without knowing the specifics.

“The reality is that (the) breach notification could be done in stages,” Mr Sreenivasan said.

He added: “Sometimes, the cyberattacks could be part of a larger series of attacks, and notifying the public too early could compromise investigations.”

The lawyer also responded to questions over whether IHIS failed to comply with the Cybersecurity Act, which requires owners of critical information infrastructure in 11 key sectors – of which healthcare is part of – to notify Singapore’s cybersecurity commissioner of “a prescribed cybersecurity incident”, among others. It does not state a timeframe for reporting incidents

Read more at https://www.channelnewsasia.com/news...gh-to-10555632

[NotMyPresident]

More than 1.8 million patients received SMS notifications from SingHealth since Friday


Published 14 min ago


Ng Keng Gene



SINGAPORE - More than 1.8 million patients who visited SingHealth's specialist outpatient clinics and polyclinics have received text message notifications from SingHealth on whether their data had been stolen, said SingHealth in a statement on Monday evening (July 23).

These patients had visited SingHealth between May 1, 2015, and July 4 this year.

Remaining patients who did not register their mobile numbers with SingHealth will receive letters informing them about the status of their data this week, said SingHealth.

More than 231,000 patients have also checked on whether they were affected on the Health Buddy mobile app and SingHealth's website.

In the wake of Singapore's most serious cyber attack, SingHealth also alerted the public to suspicious phone calls that have surfaced, reminding patients that they would be informed if their data had been leaked only by SMS or letter.

In a Facebook post on Sunday, it also informed the public on what a genuine SMS notification should look like, after some people said they received fake messages.


more at : https://www.straitstimes.com/singapo...h-since-friday

[NotMyPresident]

SingHealth issues alert against scam phone calls asking for personal data


In a Facebook post, SingHealth said that recipients of the SMS notification should check the links and that the sender is SingHealth.



PublishedJul 23, 2018, 9:27 am SGT

Updated 4 hours ago


Ng Huiwen



SINGAPORE - If you receive a phone call from “SingHealth” asking for your personal or financial information, beware.

SingHealth has alerted the public to suspicious phone calls that have surfaced in the wake of the recent cyber attack.

In a Facebook post on Monday (July 23), SingHealth said that patients would be informed if their data had been leaked by SMS or letter only.

The healthcare group added that it will not contact patients via the phone unless they have been expecting a call.

Recipients of the scam phone call should call the police anti-scam helpline on 1800-722-6688.

On Sunday, SingHealth also advised the public on what a genuine SMS notification should look like, after some people said they received fake messages.

SingHealth said in a Facebook post that recipients should check that the sender is SingHealth and that the links in the message are www.singhealth.com.sg/cyberattack or $$$$$$$/cyber-attack18


more at : https://www.straitstimes.com/singapo...ages-informing


Beware of scams .

[skyleon]

oBike users owed deposits can meet liquidators on Aug 2

Published 8 hours ago

Updated 53 min ago


Jose Hong


SINGAPORE - The provisional liquidators of beleaguered bike-sharing firm oBike will hold a meeting next Thursday (Aug 2) at 3pm which will be open to oBike users who have yet to receive a refund of their deposit, among other creditors.

The meeting, by business advisory firm FTI Consulting, will take place at the Shine Auditorium at 100 Beach Road, #03-01 Shaw Tower, said the firm on Monday (July 23).

FTI Consulting will provide an update on oBike's winding up there, and the relevant details and necessary forms for the creditors' meeting can be downloaded from www.obikedepositholders.com.

According to the firm, oBike owes its roughly 220,000 deposit holders in Singapore almost $9 million. After oBike suddenly ceased operations here last month, company chairman Shi Yi said unreturned deposits amounted to about $6.3 million.

As of July 22, 6,286 deposit holders had submitted their claims online, totalling $287,337.60, said FTI Consulting.

Those who want to attend and vote at the meeting must submit their claims by noon, Aug 1. They can submit their claims through the same website listed above.

However, those who do not attend the meeting can still submit their claims afterwards and will not lose any of their rights.


continue reading here : https://www.straitstimes.com/singapo...ators-on-aug-2

[mimax]

NUS makes police report, bars tech firm from hiring interns after complaint of inappropriate conduct

SINGAPORE (THE NEW PAPER) - A local tech firm has been barred from accessing the National University of Singapore's (NUS) internship portal following complaints by four female students.

The school has made a police report after alleged inappropriate conduct by a company director during a student's self-secured internship interview.

The New Paper understands that the interview took place in March via a one-way Skype video call, during which the director could see her, but she could not see him.

An NUS spokesman told TNP that the girl also informed faculty staff about a message containing unverified allegations against the director, and this was shared with the police.

The message, a copy of which was shown to TNP by faculty students, contained allegations of a sexual nature involving a previous intern who had gone on a business trip with the director and warned students not to join the company.

Students told TNP the message had been circulating among the student body for about a year.

Despite complaints going as far back as 2016, the firm was still listed on an NUS internship portal until May this year.

Between 2016 and last year, the university also received feedback from three other female students from different departments about unfair work practices in the company.

TERMINATION

All of them subsequently terminated their internships. No police report was made as they did not wish to pursue the matter further, the spokesman said.

"The university takes a serious view of any alleged harassment of our students," she added.

"NUS is deeply concerned about the allegations concerning this company. The safety and well-being of our students have been, and will continue to be, our top priorities."

She added that by early May this year, the company and its listings had been removed from the main job portal and two other portals managed by NUS.

However, the firm is still actively sourcing for interns from other schools such as the Nanyang Technological University and Lasalle College of the Arts under the name of a subsidiary.

The NUS spokesman said companies registered on its portals are able to view basic particulars such as contact details and curriculum vitae of students applying for internship positions.

The particulars may also include photographs or NRIC information, but only if they are required by a company as part of the internship application.

It is unclear if this was required by the company on the NUS portals, but it is asking for recent photos of applicants on other school portals.

Its listings on these portals also do not give a salary range, indicating only that it is negotiable.

The NUS spokesman said that based on its records, no NUS student is currently interning with the company.

[mimax]

Wonder which company?