25 comments

[ 3.0 ms ] story [ 68.1 ms ] thread
Guess who implemented the My Health Record system for Australia?
This is why we cannot continue to allow the government to capture and store private data on its citizens, no matter what country it is.
Wait... But... I mean... Of all the companies I can imagine having a legitimate interest in private information, the government seems to be at the top of that list. Please help me understand your perspective.
That is the point. Obviously they have an interest, or they wouldn't be trying to collect this information in the first place. Government has shown itself time and time again to be less competent and more vulnerable than private industry.
Because no private health organization has ever been compromised?
If you want to make an argument about government incompetence then I'm usually right there with you but... It seems like you're trying to fight an unwinnable battle. They need your address, name, phone number, a list of associates, employer, etc, at the very least so they can draft and tax you. This is an inescapable part of being in a state.

I would rather prefer we make adjustments so that malicious possession of your private information is less onerous. More solid identification and authorization requirements, like a cryptographically secured ID card, instead of "if you know the SSN and address you can screw somebody"

This was a health service storing information on health history. Seems like a rather legitimate thing to store.
Technically speaking Singhealth is a government owned private corporation.
I wonder how much of an argument could be made for anything being truly private in Singapora.
We have no details, but given the story and that workers from the company were banned from internet usage, it sounds like it was a mix of technical and social engineering.
> given the story and that workers from the company were banned from internet usage

I think the internet ban only happened after the fact. From the ST article linked in the BBC article [1], it seems like the attack vector was malware installed on one computer:

> Initial investigations showed that one SingHealth front-end workstation was infected with malware through which the hackers gained access to the data base. The data theft happened between June 27, 2018, and July 4, 2018.

[1] https://www.straitstimes.com/singapore/personal-info-of-15m-...

> I think the internet ban only happened after the fact.

That's exactly GP's point - that part of the response was to ban internet usage indicates that employee internet usage was part of the attack vector. (i.e. that one computer was probably infected through social-engineering means)

Total side note...

But if you're into tech and haven't been to Singapore, I'd recommend going... But know that it might make you apprehensive.

The backend structure to support that number of cameras alone, has to be ridiculous. Every subway station is surrounded by 20 cameras, there are 3-5 looking at you as you enter, there are 20 more before you get to the platform where there are 10 that can see you. There are poles on the street every 2-4 blocks that have 8-10 cameras around them. The further you get away from downtown the more "relaxed" it is I'm sure but it was a pretty crazy place.

I had just figured with the amazing infrastructure they have that they also would have world class security. But what do I know!?

How would you recommend getting into it? Might be a viable avenue for me later this year.
Getting into SG? What do you mean?

You want to come as a tourist or..? I just completed my first year here in SG, maybe I can answer specific questions?

If you want to live in Singapore, you need to have a job offer. Every major IT company (and many minors) has an Asian/SE Asian HQ there and they're constantly hiring.

Winging it on your own is considerably more complicated, but feasible if you're well paid and keen to start your own business, just look up EntrePass.

Actually, the more systems you have, the more likely you are having to a vulnerability and a point of weakness.
To give a sense of the scale: Singapore's resident population is 3.97m [1][2], so this affects 37.8% of the resident population.

[1] https://www.population.sg/population-trends/demographics

[2] I'd assume that fewer non-residents are affected because they're more likely to go for a private healthcare option.