Hack Notice

Hack Notice: SG: Undertaking by StarMed Specialist Centre Pte Ltd

SG: Undertaking by StarMed Specialist Centre Pte Ltd

Source

https://www.databreaches.net/sg-undertaking-by-starmed-specialist-centre-pte-ltd/

Description

The Personal data Protection Commission of Singapore announced a new undertaking this week. The incident that led to the investigation was a ransomware assail on a medical entity, and findings included that the entity had left RDP open and had weak login credentials, among other concerns. The undertaking was to acquire them to harden their security; no monetary penalty was involved. background The Personal Data Protection Commission (the Commission) received a data breach notification on 7 February 2020 from StarMed Specialist centre Pte Ltd (StarMed), informing that ransomware had infected single of its servers and encrypted a database containing 373 patients personal data. The personal data consisted of the name, NRIC number, date of birth, gender, electrocardiogram data and treadmill stress test data. It was established that StarMed had not implemented the necessary security measures at the time of the incident. a Remote Desktop Protocol (RDP) Port had been left open, which likely enabled the unauthorised access to the database. In addition, both the server and database had weak login credentials and passwords. Remedial Actions After the incident, StarMed disabled the RDP Port and all public facing connections on the firewall. It also formalised its internal password sops into a written word policy. Additionally, StarMed rolled out several group-led IT security enhancement initiatives, including the implementation of a secured wide-area network and cybersecurity protection suite. StarMed will also continue to bolster faculty awareness on cybersecurity issues through further training at its Cyber Security consciousness workshops, conducted by an external cybersecurity consultant. task The charge considered the circumstances of the case and accepted an project from StarMed to improve its compliance with the Personal data Protection act 2012. The project was executed on 12 October 2020 (the Undertaking). The project provides that StarMed was to: (a) review password policies relating to StarMeds servers and IT equipment storing personal data; (b) critique appendage of login hallmark on StarMeds servers and IT equipment storing personal data; (c) retrospect the need for an alert system in the event of multiple failed account login attempts to StarMeds server and IT equipment storing personal data, including logging such attempts; (d) once the charge approves the proposed implementation plan, comply with every obligation band out in the implementation plan; (e) appoint individuals of sufficient authorisation to oversee compliance with the task and to describe the status of submission to the Commission; and (f) supply a status report to the Commission at a time requested by the Commission confirming whether StarMed has fulfilled each of the specific measures mark out in the implementation plan. StarMed has since provided the Commission with the status account referred to at para 5(f) above. The Commission has reviewed the matter and determined that StarMed has complied with the terms of the Undertaking. Please click�here�to view the Undertaking. Source: Personal Data protection commission of Singapore

About HackNotice and SG: Undertaking by StarMed Specialist Centre Pte Ltd

HackNotice is a service that notices trends and patterns in publically available data so as to identify possible data breaches, leaks, hacks, and other data incidents on behalf of our clients. HackNotice monitors data streams related to breaches, leaks, and hacks and SG: Undertaking by StarMed Specialist Centre Pte Ltd was reported by one of those streams. HackNotice may also have the breach date, hack date, the hacker responsible, the hacked industry, the hacked location, and any other parts of the hack, breach, or leak that HackNotice can report on for the consumers of our product.

If you are a user of SG: Undertaking by StarMed Specialist Centre Pte Ltd their products, services, websites, or applications and you were a client of HackNotice, monitoring for SG: Undertaking by StarMed Specialist Centre Pte Ltd you may have been alerted to this report about SG: Undertaking by StarMed Specialist Centre Pte Ltd . HackNotice is a service that provides data, information, and monitoring that helps our clients recover from and remediate data breaches, hacks, and leaks of their personal information. HackNotice provides a service that helps our clients know what to do about a hack, breach, or leak of their information.

If SG: Undertaking by StarMed Specialist Centre Pte Ltd had a breach of consumer data or a data leak, then there may be additional actions that our clients should make to protect their digital identity. data breaches, hacks, and leaks often lead to and reason indistinguishability theft, account take overs, ransomware, spyware, extortion, and malware. account takeovers are often caused by credential reuse, word reuse, easily guessed passwords, and are facilitated by the sharing of billions of credentials and other customer info through data leaks, as the direct result of data breaches and hacks.

HackNotice monitors trends in publically available data that indicates tens of thousands of data breaches each year, along with billions of records from data leaks each year. On behalf of our clients, HackNotice works to monitor for hacks that take to lower node security and digital identities that hold been exposed and should live considered vulnerable to attack. HackNotice workings with clients to identify the extent that digital identities get been exposed and provides remediation suggestions for how to handle each type of exposure.

HackNotice monitors the hacker community, which is a network of individuals that part data breaches, hacks, leaks, malware, spyware, ransomware, and many other tools that are often used for financial fraud, account have overs, and further breaches and hacks. HackNotice monitors the hacker community specifically for breaches, hacks, and data leaks that suffer consumers. HackNotice applies industry specific knowledge and advanced security practices to monitor for trends that designate breaches, hacks, and exposed digital identities.

HackNotice also enables clients to apportion hack notices with their friend, family, and collogues to help increase cognisance around alleged hacks, breaches, or data leaks. HackNotice works to provide clients with sharable reports to help increase the security of our clients personal network. The security of the multitude that our clients interact with directly impacts the layer of security of our clients. Increased exposure to accounts that have been taken over by hackers leads to further account take overs through phishing, malware, and other impound techniques.

If you found this hack notice to live helpful, then you may be interested in reading some additional jade notices such as:

mary for the offending party to endeavour to mitigate amends by providing to the victim's subscriptiothe staff member retains access to the data after termination of the combine relationship. In distribupractices for both internal and external threats to IT assets, software and information. while secur

RS Hughes Co Inc

Underwriters Laboratories (UL) certification giant hit by ransomware - BleepingComputer

Trinity Christian College (Blackbaud)