Privacy News Poor ‘p@ssword’ hygiene and unpatched systems led to Singapore’s biggest ever cybersecurity breach

[LASER_oneXM]

Content source

https://hotforsecurity.bitdefender.com/blog/poor-pssword-hygiene-and-unpatched-systems-led-to-singapores-biggest-ever-cybersecurity-breach-20360.html

An investigation into the July data breach incident at Singapore’s largest healthcare provider has revealed that local administrators made several critical mistakes that led to the breach, including the use of weak passwords and unpatched software.

According to the initial press release announcing the breach, “It was not the work of casual hackers or criminal gangs. The stolen data included name, NRIC (National Registration Identity Card) number, address, gender, race and date of birth. Investigators said the records were not tampered with or deleted. However, experts warned that the data could end up on the dark web, where criminals could offer to buy it to conduct extortion attempts.

A team set up to probe the breach – which compromised 1.5 million patient records, including the Singapore Prime Minister’s – has now revealed how hackers were able to infiltrate the SingHealth network and perform their actions.

Investigators noted that the breach resembled an advanced persistent threat (APT) attack and involved sophisticated tools, including custom malware designed specifically to penetrate SingHealth’s infrastructure. Hackers took advantage of unpatched endpoints and other vulnerable solutions employed by the healthcare unit, and also capitalized on the use of an extremely weak administrator “p@ssword.”

 

[Local Host]

As usual you can't protect stupid, this should be our main concern when it comes to our security and privacy.

We can make our PC as secure as possible, but it's useless if the company where our data is stored (account details) is hacked.

Is the main I don't use Cloud PW Managers.

 

[ForgottenSeer 58943]

Realize that stupid people make up about 80% of the world. So at any given time, when you interact with 10 people 8 of them are basically functioning at a level of some degree of a severely challenged IQ. (70 or less) With that, companies can be very reactionary with IT. They don't care much about it, or budget much into it unless they get hammered, then they react and wonder how it happened.

I always die a little inside when I find a Fortigate that has the shipping firmware in it, 5 years later. It's actually kind of pathetic. This is why I have always stated that I believe we need IT Regulations and required licensing for IT people. We also need mandatory disclosures of breaches and disclosures of 'security reports'. The health department inspects restaurants and publishes reports, we need reports on the health of a firms IT and they should be available to the public.

Understand that most firms you do business with have little to no IT and almost no security or best practices in place. I've seen hospitals using AVG Free, Hotmail, and having open RDP into their medical servers. It's pathetic beyond belief.