Hackers successfully attacked SingHealth’s computer database in what’s been touted as Singapore’s worst-ever cyberattack.
The hackers illegally accessed records of 1.5 million patients, and copied information such as their name, NRIC numbers and addresses.
160,000 of the patients had records of their dispensed medication stolen as well.
The hackers “specifically and repeatedly” targeted Prime Minister Lee Hsien Loong’s personal particulars and outpatient medication data
PM Lee, acknowledging that his outpatient medical data had been stolen, said there was nothing alarming that hackers would find.
“I don’t know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me. If so, they would have been disappointed. My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it.”
According to the Health Ministry, the hacking took place between 27 Jun and 4 Jul this year.
The hackers accessed the SingHealth’s IT system through an initial breach on a front-end work station, where they then obtained privileged account credentials to access to the database
MOH says that hackers did not delete patient records.
The Integrated Health Information Systems (IHiS), the technology agency for the public healthcare sector, first detected unusual activity on one of SingHealth’s IT databases on 4 Jul.
They implemented cybersecurity precautions and monitored the situation until 9 Jul.
On 10 Jul, MOH, SingHealth and Singapore’s cybersecurity agency were informed of the hack and forensic investigations were carried out.
SingHealth lodged a police report on 12 Jul.
So far, none of the data stolen has appeared in the public domain.
There has also been no evidence of a similar breach in the other public healthcare and Government IT systems.
If you visited one of SingHealth’s specialist outpatient clinics or polyclinics between 1 May, 2015 and 4 Jul, 2018, chances are that you are affected.
Those affected should look out for “abnormalities” and “unusual activities” in their emails and transactions and report the matter to the police if there are any irregularities.
In addition to police investigations, a Committee of Inquiry will be set up to establish the events and contributing factors leading to the attack and the response to the incident.
The committee will also make recommendations on improvements.
