
SingHealth Case Study

Group 2: Nathanael, Yusoff, Dennis, Peter, Jia Jing, Thaung, Sithu


Topics of Discussion
1. Explain the principles and philosophies of cyber terrorism and how individuals
and corporations can be targeted.
2. To identify possible threats facing this organization's information assets and
infrastructure.
3. Discuss how assessment of organizational security policy, design and
implementation could help this organisation.
4. Discuss any legal constraints on cyber warfare in this case (if any).
5. Recommend some suitable defence strategies.

1. Explain the principles and philosophies of cyber terrorism and how
individuals and corporations can be targeted.

• The premeditated use of disruptive activities, or the threat thereof, against
computers and/or networks, with the intention to cause harm or further social,
ideological, religious, political or similar objectives, or to intimidate any person
in furtherance of such objectives
• Could blackmail/withhold essential information/data that the individual/company
is holding to extort them
• Could cause downtime in their services, affecting lives of patients
• Could extract critical information that could affect many lives (e.g. the Prime
Minister's health info)

2. To identify possible threats facing this organization's information assets
and infrastructure.

• SingHealth is the largest healthcare institution in Singapore, comprising public,
private, and community hospitals, as well as polyclinics.
• On a daily basis, they are handling large amounts of personally identifiable and
sensitive patient medical as well as financial data.
• Any data leaks would lead to loss of privacy of patients, potentially compromising
national security (Prime Minister Lee's health records were among the leaked data)
• PI (personally identifiable) data is monetisable and profitable on the information
black market, so a large organisation like SingHealth holding large amounts of this
confidential data becomes a prime target for cyber attackers.
• Guarding patient data, as well as the assets and infrastructure handling that data,
is thus paramount.

3. Discuss how assessment of organizational security policy, design
and implementation could help this organisation.

• The security policy outlines an organization's approach to
cybersecurity by identifying:
o Roles and Responsibilities – duties of different departments, management and
individuals
o Security Measures – password policies, encryption, access control
o Risk Management – risks identified, assessed and mitigated
o Compliance with regulations – in Singapore, the PDPA needs to be followed
o Incident response – the time within which an incident needs to be responded to,
depending on severity
o Monitoring and Alert System – a system management process that instantly
notifies users of a potential threat to the system

4. Discuss any legal constraints on cyber warfare in this case (if any)

• A long and intensive search for the culprit could lead to the trail being lost
over time
• The perpetrators might be located outside of Singapore, beyond
Singapore's jurisdiction:
o Might not be able to enforce the Singapore HealthCare Services Act.
o Extradition to Singapore may not be possible, depending on the
location of the perpetrator.

5. Recommend some suitable defence strategies.

• Implement SIEM to have a centralized log repository. Monitor important
servers and trigger alerts when data is exfiltrated or logs are deleted.
• Have frequent phishing exercises so users are more careful when they
receive phishing emails.
• There should be a formal patch management process that includes
procedures for identifying missing patches, prioritizing vulnerabilities,
and ensuring timely installation across all systems.
• Enforce 2FA across all servers if possible.
• Implement password expiry and account lockout policies via GPO
settings. Old admin credentials should automatically be disabled.
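
The SIEM alerting recommended in the first bullet above, as an added example that is not part of the original slides: it flags log clearing and hourly outbound volume far above a host's baseline, then escalates hosts showing both. The event shape, host names, baselines and thresholds are constructed assumptions; 1102 and 104 are the Windows event IDs recorded when the Security and System logs are cleared.

```python
from collections import defaultdict

# Windows event IDs written when a log is cleared: 1102 (Security), 104 (System).
LOG_CLEARED_IDS = {1102, 104}
EXFIL_FACTOR = 10        # assumption: alert at 10x a host's normal hourly egress
MIN_BYTES = 50_000_000   # assumption: floor so quiet hosts ignore small spikes

# Constructed hourly egress baselines and events; hosts and fields are hypothetical.
BASELINE = {"db01": 5_000_000, "app01": 20_000_000}
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T02:05", "host": "db01", "type": "netflow", "bytes_out": 4_000_000},
    {"ts": "2024-01-01T02:40", "host": "db01", "type": "netflow", "bytes_out": 3_000_000},
    {"ts": "2024-01-01T03:10", "host": "db01", "type": "netflow", "bytes_out": 30_000_000},
    {"ts": "2024-01-01T03:25", "host": "db01", "type": "netflow", "bytes_out": 40_000_000},
    {"ts": "2024-01-01T03:30", "host": "app01", "type": "netflow", "bytes_out": 60_000_000},
    {"ts": "2024-01-01T03:35", "host": "app01", "type": "winevent", "event_id": 4624},
    {"ts": "2024-01-01T03:40", "host": "db01", "type": "winevent", "event_id": 1102},
]

def detect(events, baseline):
    """Return alerts for cleared logs and for hourly egress far above baseline."""
    alerts, egress = [], defaultdict(int)
    for e in events:
        if e["type"] == "winevent" and e["event_id"] in LOG_CLEARED_IDS:
            alerts.append(("log_cleared", e["host"], e["ts"]))
        elif e["type"] == "netflow":
            egress[(e["host"], e["ts"][:13])] += e["bytes_out"]  # bucket by hour
    for (host, hour), total in sorted(egress.items()):
        limit = max(MIN_BYTES, EXFIL_FACTOR * baseline.get(host, 0))
        if total > limit:
            alerts.append(("egress_spike", host, hour))
    return alerts

def high_priority_hosts(alerts):
    """Hosts showing both signals: bulk egress plus log clearing."""
    seen = defaultdict(set)
    for kind, host, _ in alerts:
        seen[host].add(kind)
    return sorted(h for h, kinds in seen.items() if kinds == {"log_cleared", "egress_spike"})

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS, BASELINE)
    for alert in found:
        print(alert)
    print("escalate:", high_priority_hosts(found))
```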
