Singapore Eye Clinic Targeted in a Ransomware Attack

The selling of healthcare data is a lucrative business which generated large sums of money on the dark web and other circles of cybercrime and theft. As stated in an EY report, it is estimated that 55 million patient records held by the NHS has a market value of several billion pounds. Regarding the Asia Pacific, as displayed in a McKinsey report, the emerging digital health ecosystem could generate a value of approximately $100 billion by 2025. 

The Data Breach  

A private eye clinic named Eye & Retina Surgeons was recently subjected to a ransomware attack which affected personal records of almost 73,500 patients. Fortunately, as stated by the clinic, patient’s bank details or credit card information however personal information such as names, addresses, identity cards, contact details and personal details related to clinical care such as eye scans and other medical notes. The intent of those behind in this attack was to extract money using personal data as a leverage.  

The compromised clinic’s IT system is not connected to the IT system of the Ministry of Health including the National Electronic Health Record and so far, there have been no recorded similar attempts of a cyber attack on the Ministry of Health’s IT system.  

What Happened Next?  

The Eye & Retina Surgeons clinic stated that no amount of ransom was paid and that its IT systems were repaired. Additionally, the IT providers of the clinic completed a thorough check of the clinic’s IT system, ensured that servers were reformatted and that anti-virus scans were completed on all terminals. Fortunately, no personal data of the patients were publicly leaked as the clinic assured that confidential medical records were kept on a separate cloud system.  

The clinic is determined to investigate the root of this attack and is working with the Ministry of Health and the Cyber Security Agency in order to do so and identify unknown vulnerabilities to improve its security.  

Whilst the situation remains under close monitoring from the clinic, the patients are in the process of being notified about the ransomware attack, and that no confidential medical data and bank details were leaked. The clinic has urged its patients that everything will be done to continuously ensure the protection of its patient’s confidentiality and that further steps have been taken to prevent similar attacks from happening in the future.  

This is not the first time that a health care provider has been targeted in a cyber security attack. In 2018, Singapore was subjected to the worst data breech in the nation’s history with the data of 1.5 million SingHealth patients being compromised, including politicians and the Prime Minister Lee Hsein Loong.  

The manner in which ransomware attacks are carried out has taken a new direction. Now, this form of attack is implemented on specifically targeted institutions, as seen here with the ransomware attack on Eye & Retina Surgeons. Smaller health clinics tend to be unprepared against sophisticated cyber attacks and thefore and increasingly targeted by cyber criminals in order to obtain medical records that are in high demand and gather high profit from the dark web. More increasingly, prior to an attack criminals will focus on individuals with direct access to important assets and the system, studying their victims and gathering recourse to implement their attack.  

It Is Essential to Have in Place the Appropriate Mitigation Strategies……… 

Having a multi-layer approach to mitigation strategies will prove successful. This can include installation of anti-virus software, improvement of end-to-end response, ensuring that backups are carried out and further restricted access; only allowing certain higher positioned employees to have high access privilege. This will further prevent an undercover threat actor, an employee who has been reached out to by the cyber criminals and offered a large sum of profits in return for help, from causing damage to an institution’s cyber security.