Nearly 73,500 patients’ data affected in ransomware attack on eye clinic in S’pore, Tech News News & Top Stories

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360

SINGAPORE – A ransomware attack has affected the personal data and clinical information of nearly 73,500 patients of a private eye clinic.

The information included names, addresses, identity card numbers, contact details and clinical information, said Eye & Retina Surgeons (ERS) on Wednesday (Aug 25).

But the clinic said that no credit card or bank account information was accessed or compromised.

It added that its IT system has been restored securely, and its IT providers have completed a thorough check of the clinic’s system, reformatted servers and run anti-virus scans on all computer terminals.

Measures will be taken to prevent the breach from recurring, ERS said.

ERS had fallen prey to a sophisticated ransomware cyber attack by hackers on Aug 6. Such attacks usually involve locking up data until victims pay the hackers.

Servers and several computer terminals at the clinic’s Camden branch were affected, but its IT system at the Novena branch was not.

While no sensitive data has been leaked publicly for now, the clinic said that it will monitor the situation closely.

ERS said that for data security reasons, it maintains active medical records separately on a cloud-based system, so they were not accessed or compromised in the cyber attack. Clinical operations were not affected too.

The clinic said it is now in the process of informing patients of the cyber attack.

The police, Personal Data Protection Commission – which said it is seeking more information from ERS – and the Cyber Security Agency of Singapore (CSA) have been informed.

ERS is also working with CSA and the Ministry of Health to investigate the root causes of the attack and, together with security experts, is also trying to identify potential areas the company can better secure.

The clinic claimed that it uses “reputable and established external IT service providers to advise on and maintain its IT systems, and subscribes to appropriate anti-virus and other protective software, which are regularly updated”.

“ERS regrets this breach and wishes to assure its patients that it takes patient confidentiality very seriously,” the clinic said, adding that it will continue to do everything it can to protect and secure…