Another public service has suffered a cyberattack. The latest victim is an eye clinic in Singapore that exposed patients’ data to attackers following a ransomware attack.
Singapore Eye Clinic Ransomware Attack
Reportedly, the Eye & Retina Surgeons (ERS) clinic in Singapore has fallen prey to a ransomware attack. The Eye & Retina Surgeons (ERS) is a specialized medical facility for eye treatments, particularly, surgical and medical retina.
According to the details shared by the Ministry of Health (MOH), Singapore, ERS suffered a ransomware attack on August 6, 2021.
While MOH elaborated that the incident didn’t impact MOH’s IT systems connected to the ERS clinic. However, the attackers did manage to pilfer data of over 73,000 patients as they accessed the clinic’s servers.
Consequently, MOH instructed the ERS clinic to investigate the matter in coordination with the Cyber Security Agency (CSA).
For now, it remains unclear how the attack happened, who the attackers were, and whether or not the clinic paid ransom to the attackers. Given the possibility of a double extortion attack, it’s likely that the attackers may publish the patients’ data on the dark web should ERS refuses to pay.
MOH Urges Healthcare Systems To Remain Vigilant
Singapore already has robust laws for the healthcare sector to protect patient’s data. As stated in MOH’s notice,
The Government takes a serious view of any cyberattack, illegal access of data or action that compromises the integrity, confidentiality and availability of data and IT systems in Singapore. Section 12(1) of the Private Hospitals and Medical Clinics Regulations states that licensees shall implement adequate safeguards (whether administrative, technical or physical) to protect medical records against accidental or unlawful loss, modification or destruction, or unauthorised access, disclosure, copying, use or modification, as well as to periodically monitor and evaluate such safeguards in place to ensure that they are effective and being complied with by the persons involved in handling medical records.
Following the ERS incident, MOH urges all healthcare systems to review their IT security and ensure the integrity of systems.