By using this site, you agree to the IDC Privacy Policy

TECH BUYER Feb 2019 - IDC Perspective - Doc # AP43913219

Lessons Learnt from the SingHealth Case — Effective Incident Response Strategy and Consideration of Zero Trust Security Framework

By: Cathy HuangAssociate Research Director, Services and Security, IDC Asia/Pacific

Abstract

SingHealth, Singapore's largest public health provider, comprising a team of 28,000 health care professionals and staff, was hit by a cyberattack in mid-2018, affecting about 1.5 million patients, including Prime Minister Lee Hsien Loong and a few ministers. The breach had their personal data stolen, including the name, NRIC number, address, gender, race, and date of birth — these were illegally accessed and copied. The worst cyberattack in Singapore has resulted in a SG$1 million fine, the highest record in Asia/Pacific. This IDC Perspective focuses on the incident response plan, one of the valuable lessons learnt from this incident. A sound breach/incident response strategy carries a significant importance to an organization's overall security effectiveness and cyber resilience.

"Cybersecurity must be viewed more than just a technical issue. Lack of awareness of the organization's response plan or lack of practices on these incident response plans can severely hamper timely reporting, as well as effective responses and controls, and severely impact business operations and reputation," says Cathy Huang, senior research manager, IDC Asia/Pacific Security Services. "For critical infrastructure and assets, for example, databases containing patient data must be monitored in real time for suspicious activity. Organizations should consider a new security architecture — zero trust or distributed integrity. The new enterprise security architecture is shifting access controls from the perimeter to individual devices and users. It requires verification all the time, more stringent authentication methods, and least privilege account philosophy used," Huang continued.


Coverage

Content


Get More

When you purchase this document, the purchase price can be applied to the cost of an annual subscription, giving you access to more research for your investment.



Related Links

Do you have questions about this document
or available subscriptions?

Contact Us