SINGAPORE: The Monetary Authority of Singapore (MAS) said on Tuesday (Jul 24) it has instructed all financial institutions to tighten their customer verification process, following the SingHealth cyberattack.
Last month, cyberattackers had stolen 1.5 million SingHealth patients’ records in what was deemed by the Ministry of Health and Ministry of Communications and Information to be the "most serious breach of personal data” in Singapore’s history.
The 1.5 million individuals had their non-medical records – including their name, NRIC, address and date of birth – illegally accessed and copied in the cyberattack. Some 160,000, which included Prime Minister Lee Hsien Loong, also had their dispensed medicines records taken.
“With immediate effect, all financial institutions should not rely solely on the types of information stolen (name, NRIC number, address, gender, race, and date of birth) for customer verification,” MAS said in a statement.
“Additional information must be used for verification before undertaking transactions for the customer. This may include, for instance, One-Time Password, PIN, biometrics, last transaction date or amount, etc.”
MAS added it had also directed all financial institutions to conduct a "risk assessment of the impact of the SingHealth incident on their existing control measures for financial services offered to customers, including transaction and inquiry functions".
"MAS will work closely with the financial institutions to ensure that robust cyber defences are in place so that customers can carry out online financial transactions with confidence," said MAS’ chief cybersecurity officer Tan Yeow Seng.
He added that customers must also play their part by safeguarding their passwords and practising good "cyber-hygiene".
"If they suspect any fraudulent transactions in their accounts, they should notify their banks immediately," he said.
The attack has prompted healthcare institutions to step up security measures and sparked a Government probe into the incident.