Nearly 73,500 patients' data affected in ransomware attack on eye clinic in S'pore

SINGAPORE – A ransomware attack has affected the personal data and clinical information of nearly 73,500 patients of a private eye clinic.

The information included names, addresses, identity card numbers, contact details and clinical information, said Eye & Retina Surgeons (ERS) on Wednesday (Aug 25).

But the clinic said that no credit card or bank account information was accessed or compromised.

It added that its IT system has been restored securely, and its IT providers have completed a thorough check of the clinic’s system, reformatted servers and run anti-virus scans on all computer terminals.

Measures will be taken to prevent the breach from recurring, ERS said.

ERS had fallen prey to a sophisticated ransomware cyber attack by hackers on Aug 6. Such attacks usually involve locking up data until victims pay the hackers.

Servers and several computer terminals at the clinic’s Camden branch were affected, but its IT system at the Novena branch was not.

While no sensitive data has been leaked publicly for now, the clinic said that it will monitor the situation closely.

ERS said that for data security reasons, it maintains active medical records separately on a cloud-based system, so they were not accessed or compromised in the cyber attack. Clinical operations were not affected too.

The clinic said it is now in the process of informing patients of the cyber attack.

The police, Personal Data Protection Commission – which said it is seeking more information from ERS – and the Cybersecurity Agency of Singapore (CSA) have been informed.

ERS is also working with CSA and the Ministry of Health to investigate the root causes of the attack and, together with security experts, is also trying to identify potential areas the company can better secure.

The clinic claimed that it uses “reputable and established external IT service providers to advise on and maintain its IT systems, and subscribes to appropriate anti-virus and other protective software, which are regularly updated”.

“ERS regrets this breach and wishes to assure its patients that it takes patient confidentiality very seriously,” the clinic said, adding it will continue to do everything it can to protect and secure patient information.

More on this topic

Join ST’s Telegram channel here and get the latest breaking news delivered to you.

Source: Read Full Article