Ransomware attack hits eye clinic in Singapore
A ransomware attack on the Eye & Retina Surgeons (ERS), a private eye clinic in Singapore, exposed the data of 73,500 patients as it affected the clinic’s server and management system. The personal and clinical information included names, house addresses, ID card numbers, contact details, patients’ clinical notes, and eye scans, according to ERS.
The attack was conducted on servers and multiple computers at the ERS Camden branch. Its Information Technology system at the Mount Elizabeth Novena Specialist Centre branch was unaffected.
Active medical records are said to be maintained in a separate cloud-based system in the clinic and so were unhurt by the attack, and clinical operations were untouched as well.
Since no financial information, including the credit card or account information was accessed, no ransom was paid.
Also read: OT Group faces data security breach
The Ministry of Health (MOH) stated that the clinic’s victimized IT systems are not linked to their IT systems. The ministry asked ERS to investigate the incident, conduct a detailed review of its systems and work in conjunction with Cyber Security Agency (CSA) to take action to mitigate the risk and boost its cyber defences.
ERS also asserted about its work with CSA and MOH to find the basis of the attack and devise strategies to prevent future risks.
The clinic also claimed the usage of services from reputable IT experts’ to advise on and maintain its systems, along with subscribing to suitable anti-virus and other software. These are also regularly updated.
ERS cleared that its system has been restored securely. It also stated that its IT providers have run a thorough check, reformatted servers, and have executed anti-virus scans on all computer terminals.
ERS said that now it is in the process to inform its patients, and it will take effective measures to restrict such incidences in the future.
The clinic also expressed regrets due to the breach and assured its patients that their data confidentiality is a priority. In light of this, ERS stated that it would take extra steps to do everything to keep its patients’ information secure at every stage.