Healthcare provider hit by cyber-attack earlier this month
A ransomware attack at a Singapore eye clinic has potentially exposed the personal data of more than 73,000 patients.
The security incident at Eye & Retina Surgeons (ERS) occurred on August 6, confirmed Singapore’s Ministry of Health in a statement.
ERS also notified police, the Personal Data Protection Commission, and Singapore’s Computer Emergency Response Team.
It has not yet been confirmed how many people had their data compromised or what kind of datasets may have been accessed.
Government steps in
In light of the incident, the government has instructed ERS to work with the country’s national cybersecurity agency to take mitigation actions and implement stronger cyber defenses.
“The government takes a serious view of any cyber-attack, unlawful access of data, or action that compromises the integrity, confidentiality, and availability of data and IT systems in Singapore,” the statement read.
It also cited laws mandating that licensed medical organizations must implement “adequate safeguards” to protect healthcare records against accidental or unlawful loss, modification or destruction, or unauthorized access, disclosure, copying, use or modification.
They must also “periodically monitor and evaluate such safeguards in place to ensure that they are effective and being complied with by the persons involved in handling medical records”.
It added: “Following this incident, MOH will be reminding all its licensed healthcare institutions to remain vigilant, strengthen their cybersecurity posture, and ensure the security and integrity of their IT assets, systems, and patient data.”
Law of the land
Singapore’s data breach notification law, enacted in 2021, states that “notifiable” breaches must be reported to the data protection office.
For a breach to be notifiable, it must either cause significant harm to those individuals whose data has been exposed, and/or amount to more than 500 individuals.
An organization must notify the Cybersecurity Commissioner as soon as possible, no later than three calendar days. Penalties may include a fine of up to 10% of an organization’s annual turnover or SGD 1 million ($742,000), whichever is highest.