IHiS and SingHealth fined S$1 million in total by PDPC for data breach arising from cyberattack

The Personal Data Protection Commission (PDPC) in Singapore has imposed financial penalties on Integrated Health Information Systems (IHiS) and SingHealth following a cyberattack in July 2018. The PDPC found that IHiS had failed to adequately protect personal data and imposed a penalty of S$750,000. SingHealth was also penalized with S$250,000 as the owner of the patient database system. These penalties, totaling S$1 million, are the highest ever imposed by PDPC and take into account the severity and scale of the breach.