Parliament: 'Multiple safeguards' to prevent misuse of stolen SingHealth data, says S. Iswaran

Financial institutions, like banks and insurance companies, do not just rely on personal information to verify customer identity, said Minister for Communications and Information S. Iswaran in Parliament on Aug 6, 2018. ST PHOTO: ARIFFIN JAMAR
Hariz Baharudin
Indonesia Correspondent
Updated
Oct 09, 2018, 02:01 PM
Published
Aug 06, 2018, 03:35 PM

SINGAPORE - The theft of the personal data of 1.5 million SingHealth patients has sparked worries of identity theft or fraudulent transactions, but there are "multiple safeguards" to prevent the stolen data from being misused.

The assurance was given by Minister for Communications and Information S. Iswaran in Parliament on Monday (Aug 6).

While he acknowledged the worries, he said: "I would like to emphasise that there are multiple safeguards in place to mitigate such risks, especially for financial transactions and sensitive government e-transactions."

Mr Iswaran, who is also Minister-in-charge of Cyber Security, elaborated on various security measures that are in place to mitigate such risks.

Financial institutions, like banks and insurance companies, do not rely on just personal information to verify customer identity, he said.

He said: "All banks and insurance companies in Singapore already have two-factor authentication (2FA) for online financial services, such as making fund transfers or accessing account details."

This refers to how account holders have to input their Personal Identification Number (PIN) and a one-time-password (OTP), which is received via SMS or a bank's authentication token.

More On This Topic
SingHealth attack due to APT group, typically linked to foreign governments, says S. Iswaran
Cyber Security Agency to give directions to critical sectors on how to bolster cyber defence
Internet surfing separation may be permanent in some parts of public healthcare, says Gan Kim Yong

Mr Iswaran said the OTP allows for an additional authentication layer known as "transaction signing", which protects higher-risk transactions such as adding a third-party payee or transferring large sums of money.

He added: "Unless the attacker has access to all authentication information, it would not be possible for fraudulent transactions or identity theft to occur."

All sensitive government electronic transactions have been protected by Singpass 2FA since July 2016, he added.

Mr Iswaran said individuals can also do their part by practising good personal data protection and cyber-security habits.

He said: "They should ensure that their passwords, user IDs and security questions are not based on personal data, use strong passwords, enable 2FA for online transactions, and watch out for fraudulent transactions and suspicious requests for their personal data."

Mr Iswaran added that Singaporeans can contact the Singapore Computer Emergency Response Team to report a cyber-security incident, and the Personal Data Protection Commission to report personal data breaches.

Join ST's WhatsApp Channel and get the latest news and must-reads.

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top