At least its network’s administrative and medical nodes were segmented, or the damage would have been worse, according to experts.

Last week, the personal data and clinical information of over 73,000 patients of a private eye clinic were compromised due to a cyberattack on the organization’s servers and several computer terminals.

The compromised data included patients’ names, addresses, identity card numbers, contact details and clinical information. The clinic, Eye & Retina Surgeon, had progressively informed affected patients of the incident, but maintains that no credit card or bank account information was accessed or compromised. Also, none of it operations were affected, and its IT systems have been restored securely. Investigations with the country’s Personal Data Protection Commission and Computer Emergency Response Team (SingCERT) are ongoing. 

According to one cybersecurity expert, healthcare players are a favorite target of cybercriminals. Said Oded Vanunu, Head of Products Vulnerability Research, Check Point Software Technologies: “These targets are usually hold private information including health history records that are big demand on the Dark Net. From what we see in general, small health clinics are not prepared for such sophisticated cyberattacks.”

Another expert, Jonathan Knudsen, Senior Security Strategist, Synopsys Software Integrity Group, noted that every organization is a software organization—even an eye clinic. “No matter their size or industry, every (business) must include cybersecurity as part of their day-to-day operations. A comprehensive, proactive approach to security reduces risk for the organization and its customers. In this case, segmenting the network between administrative functions and medical data was a smart defensive move and prevented this attack from being much worse. This technique is part of the basic security hygiene that all organizations should practice.” 

Knudsen added that, even with the best defenses, things can still go wrong, so organizations need to plan ahead for cyber incidents and be prepared to remediate problems and notify customers and authorities promptly.