COI on cyber attack: More will be done to deepen cyber security awareness of SingHealth employees
SINGAPORE – SingHealth said it plans to introduce a series of measures for all 28,000 of its employees to deepen their understanding of cyber safety, after hackers used phishing to get into its network.
Although the healthcare group said it currently has cyber-security training activities as part of the orientation programme for employees, and also regularly conducts phishing simulation exercises to train them to be more vigilant, more needs to be done to promote cyber hygiene internally.
Professor Kenneth Kwek, SingHealth’s deputy group chief executive (organisational transformation and informatics), said: “All staff have the important role to ensure the safety of systems and patient data.”
He said that up to 12 leadership memos are sent to employees every year educating them on how to identify phishing threats, but this effort will be stepped up going forward.
Prof Kwek said more town halls will also be held to provide information on new cyber-security and ransomware threats.
Since 2016, employees logging into the network have been greeted by a message on their computers reminding them of the importance of data protection.
However, the language of this message will now be “strengthened” and the message made more prominent.
SingHealth will also adopt a storytelling format in engaging its employees on cyber-security matters and explaining the impact of breaches, Prof Kwek said, noting that this format relates better to employees and patients alike.
“Staff already knew that data protection is an important part of patient clinical care… we want to deepen this understanding,” he told the panel.
The healthcare group regularly conducts phishing simulation exercises to train its employees to be more vigilant. For instance, six phishing exercises were conducted between 2015 and September this year.
“Staff who responded to phishing emails twice or more are given additional attention. They are requested to attend IT security briefings to become more aware of the risks,” he said.
In the recent exercise in February 2018, employees who fell prey to phishing also received a formal letter, with a copy sent to their direct supervisor. The letter is signed by Prof Kwek and Mr Benedict Tan, the SingHealth cluster’s group chief information officer.
This is “to strongly remind them on the need for vigilance”, said Prof Kwek.
Intrusions into SingHealth’s electronic medical records system began undetected on June 27 but were terminated on July 4.
The data breach compromised the personal data of 1.5 million patients and outpatient prescription information of 160,000 people, including Prime Minister Lee Hsien Loong and several ministers.