The MAS has ordered financial institutions to tighten security after the SingHealth cyber attack

The MAS has ordered financial institutions to change its customer verification process following the SingHealth attack.
The Straits Times

After the SingHealth attack which affected more than 1.5 million patients, the Monetary Authority of Singapore (MAS) announced that it has instructed all financial institutions to tighten their customer verification process.

“With immediate effect, all financial institutions should not rely solely on the types of information stolen (name, NRIC number, address, gender, race, and date of birth) for customer verification”, the MAS said in a statement.

“Additional information must be used for verification before undertaking transactions for the customer. This may include, for instance, One-Time Password, PIN, biometrics, last transaction date or amount”, it added.

It also said that it has instructed all financial institutions to conduct risk assessments of the impact of the SingHealth incident on their existing control measures for financial services offered to customers, including transaction and inquiry functions.

The chief cybersecurity officer for the MAS, Tan Yeow Seng, said: “MAS will work closely with the financial institutions to ensure that robust cyber defences are in place so that customers can carry out online financial transactions with confidence”.

Following the attack, SingHealth has sent out messages to people informing them whether they have been affected. However, that has also led to a new scam involving fake SMS-es.