Healthcare

SingHealth Cyber Attacker Entered Network In August Last Year, TheDarkOverLord Resurfaces With Stolen Patient Records

18 - 25 September 2018

Further investigation into the cyberattack on SingHealth, which compromised the personal and health data of 1.5 million patients, showed that the attacker had entered the healthcare group’s network as early as August last year by infecting workstations with malware. The attacker used the infected workstations to distribute malware to other computers and began to move laterally in the network from December last year to May this year. The attacker subsequently abused an inactive, poorly secured administrator account to log in remotely to a server that contained a link to another system, which held the electronic medical records system. The attack revealed security inadequacies, a lack of situational awareness, and a tardy response to the breach.

TheDarkOverLord resurfaced in a dark web forum called the Kickass Forum last week, offering to sell a database of more than 67,000 stolen health records from medical and dental practices in the United States. The stolen records include names, addresses, phone numbers, birth dates, driver’s licence numbers, medical histories, and so on. TheDarkOverLord did not specify a price for the database and invited interested buyers to send him an encrypted message. TheDarkOverLord also offered to sell 131,000 personal records stolen from a gaming website, including email addresses, passwords, birth dates, IP addresses, and so on.

