Security check on UAE's 'well-protected' medical data after hack in Singapore

Breach in Singapore's health system to extract records, including prime minister Lee Hsien Loong, has experts across the world on alert

epa06901951 Two men (L) walk past a sign bearing the logo of the  Singapore General Hospital, in Singapore, 21 July 2018. According to media reports, hackers gained access to the health data of about 1.5 million patients who had visited Singhealth hospitals and clinics in Singapore between 2015 and 2018. The data breach was discovered on 04 July and was aimed at uncovering the medical information of Singapore Prime Minister Lee Hsien Loong.  EPA/WALLACE WOON

An attack on healthcare records in Singapore has served as a warning for cyber security experts in the UAE to revisit the systems in place and a call for better technological tools such as blockchain to prevent such data breaches.

Cyber security experts claim the attack on SingHealth was the work of state-sponsored hackers, as the data targeted had no clear commercial value. The hackers, it was said, went for specific compromising data on Singapore Prime Minister Lee Hsien Loong, but they also secured demographic data on 1.5 million SingHealth patients, including the outpatient prescription records.

Like Singapore, the UAE has smart city ambitions — pioneering a number of initiatives in the public and private sectors to improve residents’ lives.

But often that means having huge amounts of sensitive data connected to the internet.

Although online data is reasonably well protected in the UAE, some areas are vulnerable to attack.

“Everyone should be concerned no matter where they are, as hackers have wide capabilities, but the UAE has reasonably well protected health records, said Eddie Schwartz, executive vice president at cyber security company DarkMatter.

“We see good access controls in the UAE but like other countries, the level of security varies greatly.

“One of the weaknesses we see in healthcare is monitoring and if they have the ability to detect when a breach has occurred.

“We know electronic record systems are targets for hackers, so we’re looking at new approaches to encryption and tighter access control, such as blockchain.”

Where large hospitals and government hospitals have money to deal with security, smaller clinics and offices may not be able to afford to protect their information.

Singapore premier Lee warned that whoever the hackers were, they were "extremely skilled and determined" and had "huge resources".

On Tuesday, Reuters reported that the Singapore government disconnected computers from the internet at public healthcare centres to safeguard against a repeat attack, even though the move could cause "inconvenience for patients and healthcare staff".


Read more:

Ethical hackers and intelligence experts key to countering rise of cyber threats in UAE 

‘Hero’ cyber expert who stopped WannaCry virus accused of developing malware

Dozens of cyber attacks target UAE Government and companies in January


Financial or identity-related data gleaned from health records has an intrinsic value on the open market.

By putting medical records on the blockchain, a list of records linked by cryptography, authorities can see every time a medical record is accessed or changed.

It allows them to tightly control who has access to those records and also revoke access easily.

More than 1.4 million Dubai Health Authority patient medical records and 112 million transactions have been transferred to the Salama system, an online portal to access data.

The system allows doctors to access integrated patient information, with an overview of their condition delivered at the stroke of a key.

"Blockchain is offering new possibilities to restricting access to medical records," Mr Schwartz said.

“We are seeing strong interest in Dubai and Abu Dhabi about the implementation of blockchain, certainly as a starting point for government services.

“Over the coming years that will mature in the healthcare industry.

“There is some encryption now, or two factor authentication where a doctor and nurse will have to both enter an access code and swipe card to access information.”

The 2017 WannaCry virus crippled computers worldwide, encrypting files and making them inaccessible unless people paid a ransom ranging from $300 to $600.

Healthcare services in the UK were one of those areas target, with doctors locked out of patient records.

To combat cybercrime, the Telecommunications Regulations Authority launched awareness campaigns, including lectures, seminars and workshops to promote cyber safety.

It advises all concerned authorities and departments to create backup copies of their data, saving them on other devices that are not connected to the internet.

“Nation-states increasingly collect intelligence through cyber espionage operations that exploit the very technology we rely upon in our daily lives,” said Eric Hoh, president of Asia Pacific at security experts FireEye.

“Many businesses and governments in Southeast Asia face cyber threats, but few recognise the scale of the risks they pose.

“There are no quick fixes to the cyber security challenge, and breaches are inevitable.

“It’s important that business and governments work together to improve our collective security so that when breaches do occur, we can minimise the consequences.”