
SingHealth Cyber Attacker Entered Network In August Last Year, TheDarkOverLord Resurfaces With Stolen Patient Records

Further investigation into the cyberattack on SingHealth, which compromised the personal and health data of 1.5 million patients, showed that the attacker had entered the healthcare group’s network as early as August last year by infecting workstations with malware. The attacker used the infected workstations to distribute malware to other computers and began to move laterally in the network from December last year to May this year. The attacker subsequently abused an inactive, poorly secured administrator account to remotely log into a server that contained a link to another system containing the electronic medical records system. The attack revealed security inadequacies, a lack of situational awareness, and a tardy response to the breach.

TheDarkOverLord resurfaced in a dark web forum called the Kickass Forum last week, offering to sell a database of more than 67,000 stolen health records from medical and dental practices in the United States. The stolen records include names, addresses, phone numbers, birth dates, driver’s licence numbers, medical histories, and so on. TheDarkOverLord did not specify a price for the database and invited interested buyers to send him an encrypted message. TheDarkOverLord also offered to sell 131,000 personal records stolen from a gaming website, including email addresses, passwords, birth dates, IP addresses, and so on.


Ensign InfoSecurity Singapore
30A Kallang Place
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883