Cyber-security agency working to tighten security

We thank Mr Shawn Low for his letter (More needs to be done after breach at SingHealth; July 24).

The loss of 1.5 million patients' personal particulars is a serious matter.

Fortunately, more sensitive personal information such as medical records and credit card details were not stolen, but we are acutely aware of the risk that fraudsters might use the stolen information to impersonate customers.

The Cyber Security Agency of Singapore takes this very seriously.

We are working with all 11 critical information infrastructure sectors to strengthen their systems.

We have also worked with the sector regulators to step up their defences against identity fraud.

For instance, the Monetary Authority of Singapore has directed all financial institutions to further tighten their customer verification processes.

All financial institutions will not rely solely on names, NRIC numbers, and addresses for customer verification.

They will require additional information such as one-time-password, PIN, biometrics, last transaction date or amount, among others.

The Info-communications Media Development Authority has also advised telcos to review their authentication processes and strengthen their processes.

Members of the public are advised to exercise caution and adopt good cyber-hygiene practices to protect their personal data.

The public are advised against using their personal information in their passwords as it is unsafe to do so.

They should use strong passwords and change their user ID or security questions if they were based on their personal data.

For more cyber-security tips, please visit Gosafeonline at

Lim Thian Chin

Deputy Director (Critical Information Infrastructure Protection)

Cyber Security Agency of Singapore

A version of this article appeared in the print edition of The Straits Times on July 31, 2018, with the headline 'Cyber-security agency working to tighten security'. Print Edition | Subscribe