Another day, another catastrophic data breach. This time it’s medical records in Singapore, where I live. At this stage we’re almost immune to this kind of headline:
Cyberattack on Singapore health database steals details of 1.5 million, including Prime Minister (Reuters)
Singapore has suffered its “most serious” data breach, compromising personal data of 1.5 million healthcare patients including that of its Prime Minister Lee Hsien Loong.
The affected users are patients of SingHealth, which is the country’s largest group of healthcare institutions comprising 42 clinical specialties, four public hospitals, five speciality centres, nine polyclinics, as well as three community hospitals.
Non-medical personal details of 1.5 million patients who visited SingHealth’s specialist outpatient clinics and polyclinics between May 1, 2015, and July 4, 2018, had been accessed and copied. The stolen data included patients’ names, national identification numbers, addresses, gender, race, and dates of birth.
In addition, outpatient medical data of some 160,000 patients were compromised, though the records were not modified or deleted, said the Ministry of Health and Ministry of Communications and Information (MCI), in a joint statement late Friday.
That’s not a great look. SingHealth did, to their credit, notify all affected parties by SMS fairly soon after the breach became public.
So, what to do? It’s time to understand that while personal data is potentially commercially useful, even lucrative, it is at the same time a burden. It’s toxic data; it’s liability data; it’s “prepare-the-comms-plan” data. But things could be different.
In my piece A gentle introduction to self-sovereign identity, I explain the concept of self-sovereign identity. Since writing that, my understanding has become more nuanced, and here I will outline in more detail the elements of a more secure system for storing sensitive data.
Data warehouses containing large amounts of personal identity data are honeypots: extremely attractive to bad actors, who only need to copy the data. They don’t need to alter or tamper with it; just taking a copy is enough. Integrity checks and backups protect against tampering, but they do nothing for confidentiality, and once a copy has left the building the breach cannot be undone.
But how can we remove the single central store of data yet retain the usefulness of being able to pull up relevant, up-to-date data when, say, a doctor needs to access a patient’s records, or a bank needs to access a client’s corporate documents?