SingHealth

SingHealth

The breach compromised personal data of 1.5 million SingHealth patients.

The incident also compromised outpatient medical data of 160,000 patients that visited the healthcare provider's facilities, which included four public hospitals, nine polyclinics, and 42 clinical specialties.

The attackers used a publicly available hacking tool to breach an end-user workstation.

The workstation was running a version of Microsoft Outlook that was not updated with a patch to address the use of the hacking tool.

Source: https://www.zdnet.com/article/singhealth-data-breach-reveals-several-inadequate-security-measures/

TPRM report: https://scoringcyber.rankiteo.com/company/singhealth

"id": "sin150311022",
"linkid": "singhealth",
"type": "Breach",
"date": "09/2018",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 1500000,
                        'industry': 'Healthcare',
                        'location': 'Singapore',
                        'name': 'SingHealth',
                        'type': 'Healthcare Provider'}],
 'attack_vector': 'Unpatched Software',
 'data_breach': {'number_of_records_exposed': 1660000,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal data',
                                              'Outpatient medical data']},
 'description': 'The breach compromised personal data of 1.5 million '
                'SingHealth patients. The incident also compromised outpatient '
                'medical data of 160,000 patients that visited the healthcare '
                "provider's facilities, which included four public hospitals, "
                'nine polyclinics, and 42 clinical specialties. The attackers '
                'used a publicly available hacking tool to breach an end-user '
                'workstation. The workstation was running a version of '
                'Microsoft Outlook that was not updated with a patch to '
                'address the use of the hacking tool.',
 'impact': {'data_compromised': ['Personal data', 'Outpatient medical data'],
            'systems_affected': ['End-user workstation']},
 'initial_access_broker': {'entry_point': 'End-user workstation'},
 'post_incident_analysis': {'root_causes': 'Unpatched software'},
 'title': 'SingHealth Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Microsoft Outlook vulnerability'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.