Singapore government health data stolen by hackers, 1.5 million people affected

Lester Mason
July 20, 2018

The largest healthcare provider in Singapore, SingHealth, has suffered a massive hack that affected a huge portion of the city-state's population, including Prime Minister Lee Hsien Loong, the Singapore Ministry of Health announced Friday.

The stolen details include names, addresses, gender, race, dates of birth, and IC numbers, which is a number mentioned on the National Registration Identity Card issued to every citizen.

"This cyberattack was a deliberate, targeted and well-planned one".

The first SMSes were sent out from 6pm on Friday, said SingHealth chief executive Ivy Ng, and all affected patients should receive the messages within the next five days. "If so, they would have been disappointed", he said.

In an announcement on Facebook, PM Lee suggested that whatever the hackers' goals were, they could be looking for "some dark state secret, or at least something to embarrass [him]".

Singapore's Health Ministry said that hackers did not access any diagnoses, test results or doctors' notes.

SingHealth lodged a police report on July 12 and police investigations are ongoing.

A police investigation is continuing.

"All patient records in SingHealth's IT system remain intact", MOH and MCI said.

CSA has ascertained that the cyber attackers accessed the SingHealth IT system through an initial breach on a particular front-end workstation. The patients will be informed if their data had been illegally exfiltrated.

IHiS, with CSA's support, has implemented measures to tighten the security of SingHealth's IT systems, including temporarily imposing Internet surfing separation; placing additional controls on workstations and servers, reset user and systems accounts; and installing additional system monitoring controls.

The Ministry of Health has directed a thorough review of the public healthcare system to improve cyber security and all public and private healthcare institutions have been advised to take cyber security precautions.

Hackers used a computer infected with malware to gain access to the database between June 27 and July 4 before administrators spotted "unusual activity", authorities said. They can also check if their data has been compromised by going to the SingHealth website, or by using the Health Buddy mobile app. The country has been applauded for its quick response and public disclosure. The Minister-in-Charge of Cyber Security will establish a Committee of Inquiry to conduct an independent external review of this incident.

Other reports by Iphone Fresh

Discuss This Article