‘Leaders must be able to take criticism, acknowledge mistakes’: PM Lee

[sgxclusive]

This is what we can expect from Ah Long Government.

[JoesephToh]

Quote:

Originally Posted by sgxclusive

This is what we can expect from Ah Long Government.

What a nice picture .

[Samurice]

Quote:

Originally Posted by sgxclusive

This is what we can expect from Ah Long Government.

And CPF $$ squandered by his wife

[WhackoJacko]

Quote:

Originally Posted by AssSMRT

So can those affected by the breach of data protection seek protection ? Can they sue the PAP government for their failure to protect our personal data ???

Blackmail the judge first before suing

[pukimak0]

WHAT CAN AFFECTED SINGAPOREANS DO?

As for next steps, FireEye’s Hoh suggested that the 1.5 million affected SingHealth users be on “heightened alert” and be extra vigilant over things such as phone calls from unknown numbers or emails that purport to be from legitimate organisations.

He also said that these users should change their online passwords linked to the compromised IT systems.

Sophos senior technologist Paul Ducklin, meanwhile, recommends those affected to keep a careful watch over their financial statements and report any suspicious activity immediately.

“Be especially suspicious of unsolicited communications that arrive in the wake of this breach offering any sort of help or asking for further details to assist in the investigation,” Mr Ducklin warned.

“Social engineers and scammers are experts at preying on people's fears (and their willingness to help) after security incidents of this sort.”

He added: “Whether this was a lone hacker who got lucky, a well-oiled cybercrime gang or a state-sponsored attack team won't get your personal data back, and it won't change the fact that you can't control who gets it next.

“Keep your own eyes open for any attempt to abuse your personal data in the future."

Mr Hoh also hopes that Singaporeans will see this incident as a timely reminder that cyberattacks, big or small, will happen and that the key is for all parties - government, businesses and citizens - to respond quickly to such breaches.

"Somebody can launch a cyberattack against you, but if they didn't get away with anything, then you'd have successfully defended yourself."

This, he reckoned, is the mindset people should adopt going forward.

Read more at https://www.channelnewsasia.com/news...price-10549372

[pukimak0]

https://www.sammyboy.com/threads/1-5...h-korea.256736



so many problem under this health minister with new unfavourable policy

[jacky43]

If is truth. Tell 1.5 million new citizens that their past records at ICA is stolen. It scare the shits out of them. Especially people from Myammar with dark history with the military.

By end of the year only 10 Malaysian seeking to migrate into this red dot. Power! Even the hammer will look at them with respect.

[NotMyPresident]

Who carried out unprecedented Singapore cyberattack? Experts are pointing to ‘state actors’


The hackers used a computer infected with malware to gain access to the database between June 27 and July 4 before administrators spotted ‘unusual activity’, authorities said


PUBLISHED : Saturday, 21 July, 2018, 4:10pm

UPDATED : Saturday, 21 July, 2018, 7:33pm


Agence France-Presse

State-actors were likely behind Singapore’s biggest ever cyberattack to date, security experts say, citing the scale and sophistication of the hack.

The city state announced Friday that hackers had broken into a government database and stolen the health records of 1.5 million Singaporeans, including Prime Minister Lee Hsien Loong who was specifically targeted in the “unprecedented” attack.

Singapore’s health minister said the strike was “a deliberate, targeted, and well-planned cyberattack and not the work of casual hackers or criminal gangs”.

While officials refused to comment on the identity of the hackers citing “operational security”, experts said the complexity of the attack and its focus on high-profile targets like the prime minister pointed to the hand of a state-actor.

“A cyberespionage threat actor could leverage disclosure of sensitive health information … to coerce an individual in [a] position of interest to conduct espionage” on its behalf, said Eric Hoh, Asia-Pacific president of cybersecurity firm FireEye.

Hoh told national broadcaster Channel NewsAsia that the attack was an “advanced persistent threat”.

Chinese hackers targeting US firms’ financial data, report says(

“The nature of such attacks are that they are conducted by nation states using very advanced tools,” he said. “They tend to be well resourced, well-funded and highly sophisticated.”

Health care data is of particular interest to cyberattackers because it can be used to blackmail people in positions of power, said Jeff Middleton, chief executive of cybersecurity consultancy Lantium.

SSThe nature of such attacks are that they are conducted by nation states using very advanced tools

Eric Hoh, cybersecurity expert

“A lot of information about a person’s health can be gleaned from the medications that they take,” Middleton said on Saturday. “Any non-public health information could be used for extortion. Russian spy services have a long history of doing this.”

Medical information, like personal data, can also be easily monetised on criminal forums, said Sanjay Aurora, Asia-Pacific managing director of Darktrace.

“Beyond making a quick buck, a more sinister reason to attack would be to cause widespread disruption and systemic damage to the health care service – as a fundamental part of critical infrastructure – or to undermine trust in a nation’s competency to keep personal data safe,” he said.

Wealthy Singapore is hyper-connected and on a drive to digitise government records and essential services, including medical records which public hospitals and clinics can share via a centralised database. But authorities have put the brakes on these plans while they investigate the cyberattack. A former judge will head an inquiry looking into the incident.

Singapore officials have cautioned against jumping to conclusions about the attackers.

“With regard to the prime minister’s data and why he was targeted, I would say that it’s perhaps best not to speculate what the attacker had in mind,” said David Koh, head of Singapore’s Cyber Security Agency.

Chinese hackers targeting satellite and defence firms, researchers find(

The hackers used a computer infected with malware to gain access to the database between June 27 and July 4 before administrators spotted “unusual activity”, authorities said.

While Singapore has some of the most advanced military weaponry in the region, the government says it fends off thousands of cyberattacks every day and has long warned of breaches by actors as varied as high-school students in their bedrooms to nation states.


more at : https://www.scmp.com/news/asia/south...attack-experts

[NotMyPresident]

SingHealth cyber attack: Some patients receive SMSes addressed to others

PublishedJul 21, 2018, 9:50 pm SGT

Tan Tam Mei

Ng Keng Gene


SINGAPORE - In the midst of SingHealth's major exercise to inform patients as to whether their data was stolen in Singapore's worst cyber attack, some patients have also received SMSes addressed to other people.

Over 700,000 SMS notifications have been sent to affected patients, said Singapore's largest healthcare group in a statement on Saturday evening (July 21).

The attack, which started in June, saw hackers obtain the personal particulars of 1.5 million patients from its database, including that of Prime Minister Lee Hsien Loong. The stolen records relate to patient visits at SingHealth specialist outpatient clinics and polyclinics between May 1, 2015, and July 4 this year.

Among those who received SMS notifications from SingHealth was Ms J. Parvin, 23, a student, who was surprised as the message was addressed to a name that did not belong to her. The message said that the person was not affected by the cyber attack.

However, when Ms Parvin logged in to the SingHealth website with her SingPass, she found that her non-medical details had been affected but her outpatient medication information was not.

"I felt quite unsafe at first. But after seeing that my medical records were are safe, I was relieved," she said.

A SingHealth spokesman said it had received feedback about patients receiving SMSes from SingHealth addressed to other people.

"While we have made efforts to ensure this doesn't happen, we recognise that there are two possible scenarios why this may have happened - it could be a recycled mobile number that was previously registered to someone else, or it could be a wrong number mistakenly given to us," said the spokesman.

The SingHealth spokesman said that if members of public had queries about the SMS that they had received, they could visit the SingHealth Facebook page, which has regular updates and alerts. The page also has a sample screenshot of the SMS notification from SingHealth for verification purposes.

In a Facebook post on Friday night, SingHealth had also warned patients against fake text messages.

It said it was aware that some people had received fake messages that were not from SingHealth. The messages claimed that recipients' personal data, telephone numbers, financial details and medical records had all been accessed by the hackers.

SingHealth reassured patients that no phone numbers, financial information or medical records had been illegally accessed during the cyber attack.

In Saturday's statement, SingHealth said that the remaining SMS notifications would be sent out over the next two days, and the 150,000 patients who did not register their mobile numbers would receive letters on the matter within one week.

It said patients could also use the Health Buddy mobile app and SingHealth website to check if they were affected, and that 139,000 patients have done so.


more at : https://www.straitstimes.com/singapo...ssed-to-others

[NotMyPresident]

SingHealth warns of fake SMSes capitalising on news of recent cyberattack

By Low Youjin and Cynthia Choo



SingHealth said it is aware that a fake text message (L) has been making the rounds shortly after it announced that it would be sending a message (R) to patients affected by the healthcare group's data breach.
TODAY

SingHealth said it is aware that a fake text message (L) has been making the rounds shortly after it announced that it would be sending a message (R) to patients affected by the healthcare group's data breach.



Published20 July, 2018

Updated 20 July, 2018



SINGAPORE – SingHealth has warned of the emergence of fake SMSes tricking people into thinking that their phone number, financial information, and medical records had been compromised, hours after news first emerged on Friday (July 20) that the healthcare group had suffered an unprecedented cyberattack.

In a Facebook post around 10pm, SingHealth reiterated that no such information was stolen during the breach from June 27 to July 4, adding: "We have been made aware that some people have received the fake text (SMS) message below. Please note that this is not from SingHealth.

"Please be assured that no phone number, financial information, or other patient medical records have been illegally accessed."

Hackers broke into SingHealth's IT systems last month to steal the data of 1.5 million patients and records of the outpatient medication given to Prime Minister Lee Hsien Loong, the authorities said on Friday (July 20).

The hackers - whom the authorities did not name and whose intentions were not spelled out - took data such as the name, NRIC number, address, gender, race, and date of birth of patients who visited SingHealth's specialist outpatient clinics and polyclinics from May 1 2015 to July 4 this year.

The records of the medicines given to 160,000 people – the Prime Minister among them - who had received outpatient treatment at SingHealth's outlets were also stolen.


more at : https://www.todayonline.com/singapor...nt-cyberattack

[NotMyPresident]

Rei Kurohi


SINGAPORE - A 21-year-old man was arrested after a woman noticed him filming while she was using the bathroom on the fourth floor of the Singapore Institute of Management (SIM) campus on Saturday morning (July 21).

In a post on Facebook, SIM student Liyin Lee wrote that she had noticed a phone being held over the top edge of the cubicle she was in.

She then immediately left the cubicle and waited outside the toilet with a friend she had asked to come over.

When the man eventually emerged, Ms Lee and her friend asked why he was in the women's toilet. Ms Lee said the man claimed to have entered by accident because he had a stomachache.

Ms Lee also wrote that the man claimed to have classes on the second floor despite the toilet he was in being on the fourth floor.

The police said they arrested the man after being alerted to a suspected case of insulting the modesty of a woman at SIM around 10.58am.


more at : https://www.straitstimes.com/singapo...-in-sim-toilet

[NotMyPresident]

How to know if the SMS you received was from SingHealth

22 Jul 2018 06:47PM (Updated: 22 Jul 2018 06:49PM)

SINGAPORE: SingHealth has released an advisory showing the actual notifications members of the public should be receiving, following the emergence of fake SMSes purportedly being sent by the healthcare group.

In a Facebook post on Sunday (Jul 22), SingHealth gave details on what the public can look out for to ascertain whether the SMS they received was from SingHealth.

SingHealth said that its name will be reflected as a sender, and that it will not ask for credit card or other financial information.

Earlier on Sunday, SingHealth also said that it had revised the URL sent in the SMSes to www.singhealth.com.sg/cyberattack instead of $$$$$$$/cyber-attack18 after receiving feedback.


"From today, the remaining patients to be contacted will receive the following SMS with the revised URL," said SingHealth in its Facebook post.

Read more at https://www.channelnewsasia.com/news...ealth-10552792


So did anyone receive fake SMS ???

[NotMyPresident]

“No strong commercial value” to stolen data, cyber security chief’s shocking claim


By Andrew Loh -
July 22, 2018

In the midst of public concerns about the data security breach at Singhealth, it came as a shock to hear the remarks of the chief of the Cyber Security Agency of Singapore (CSA).

When asked by the media if the public should be worried about their personal information being stolen by what are possibly state-sponsored hackers, Chief Executive of CSA, David Koh, said the answer was no.

This, he explained, was because the stolen information are “basic demographic data”.

He said it didn’t appear the stolen property was being sold on the Internet, especially in what is called the “dark web.”

“We are watching to see if anything appears on the Internet both in the open and in some of the less well-known websites,” he added.

He added:

“But considering the type of data that’s been exfiltrated, it is – from our professional experience – unlikely that these will appear, because there is no strong commercial value to these types of data.”

The Singhealth breach involved the theft of the names, addresses, birth dates, genders and NRIC information of 1.5m patients.

Mr Koh’s remarks are also published on the website of the Ministry of Communication and Information (MCI), under the title: “Singhealth cyberattack: what you need to know”.

Mr Koh’s views, however, are being criticised online by several parties, and are disputed by the views of security experts which the press have spoken to.

Blogger zitseng, for example, said, “I can see how much of a treasure trove this 1.5 million records will be to telemarketers. The 160K dispensed medication records also provide more information, including embarrassing medical conditions or long-term ailments the individuals may have.”

“This is not basic demographic data at all. Can Mr Koh give me his full name, NRIC, address, and date of birth, since they are just basic demographic data?” he asked.

Another blogger, atans, highlighted that theft of personal information was a means for others to use to commit crimes, and which the police have been warning the public about, especially when it comes to online scams.



more at : http://theindependent.sg/no-strong-c...hocking-claim/

[Browncat]

like this how can we ever trust the PAP government to protect us ??? This is a serious breach of data .

[Browncat]

I think the female toilet has got some serious design flaws . Need to improve so as to prevent perverts from going in to take pictures of unsuspecting female victims .