Hardly news I know, but I just learnt about this reviewing all my privacy mail:
About 70 HealthHub accounts are suspected to have been accessed without authorisation in recent days, despite nationwide calls to tighten cyber security since the attack on SingHealth’s database in June.
It appears that a familiar culprit is here again.
Both the HealthHub and SingHealth incidents – although seemingly unrelated – happened under the watch of Integrated Health Information Systems (IHiS) which runs the IT systems of all public healthcare operators in Singapore
It seems that the modus operandi is a brute force log on using several email accounts (and passwords). Investigations led to a shut down of the service.
Would data protection had helped? Given that there were hints of systemic failures, I think there is a lot of scope.
The silver lining? A user reported the breach. Users care.