Singapore Health Services (SingHealth) has been fined S$250,000 while Integrated Health Information Systems (IHIS), the IT agency responsible for Singapore's public healthcare sector, is slapped with a S$750,000 fine, for failing to take adequate security measures to safeguard personal data. The oversight had contributed to the July 2018 cybersecurity attack that compromised personal details of 1.5 million SingHealth patients, and breached their data protection obligations outlined in Singapore's Personal Data Protection Act.

SingHealth was held responsible as the owner of the patient database that was infiltrated in the attack that resulted in the worst breach of personal data in Singapore's history, said Personal Data Protection Commission (PDPC), which administers the legislation, in a statement Tuesday. The outpatient medical records of another 160,000 patients were compromised in the incident.

The link for this article located at ZDNet is no longer available.