Singapore’s Health Database Hacked - Records of 1.5 Million Patients, Including PM, Stolen

Blanche Robertson
July 21, 2018

About 1.5 million patients, including Prime Minister Lee Hsien Loong, were targets of a "major cyberattack" on SingHealth.

In a joint statement by the Ministry of Communications and Information (MCI) and the Ministry of Health (MOH) today (20 July) said patients who visited SingHealth's specialist outpatient clinics (SOCs) and polyclinics from 1 May 2015 to 4 July 2018 may be affected.

While the exact culprits are not known, local media believes it was the work of state-sponsored actors and "not the work of casual hackers or criminal gangs".

The breach took place between 27 June and 4 July, the day the hack was noticed by a security team, which immediately took action to prevent any further access for the hackers.

"Personal data" included name, address, race and NRIC numbers.

Wealthy Singapore is hyper-connected and on a drive to digitise government records and essential services, including medical records which public hospitals and clinics can share via a centralised database.

"The records were not tampered with, ie no records were amended or deleted".

Trump and spy chiefs clash over Putin visit
In Moscow, Antonov said it was important to "deal with the results" of their first summit before jumping too fast into a new one. What agreements? What "sphere of global security"? The Russian government has been somewhat more forthcoming.

After the hack was detected, the Cyber Security Agency of Singapore (CSA), Ministry of Health and SingHealth were informed.

Health Minister Gan Kim Yong and Minister for Communications and Information S. Iswaran both described the leak as the most serious, unprecedented breach of personal data in Singapore.

In 2017, hackers broke into a defence ministry database, stealing the information of some 850 army conscripts and ministry staff.

Tan Shong Ye, a partner at PwC, noted that the Singapore government "responded swiftly" to the incident, including convening a Committee of Inquiry (COI) to look into the cyberattack and find ways to better secure public sector IT systems. A police report was filed on July 12 and investigations were ongoing.

In a Facebook post, Emeritus Senior Minister Goh Chok Tong also revealed that his "non-medical personal particulars" with SingHealth had been stolen. We have also placed additional controls on workstations and servers, reset user and systems accounts, and installed additional system monitoring controls.

The Ministry of Health has directed a thorough review of the public healthcare system to improve cyber security, and all public and private healthcare institutions have been advised to take cyber-security precautions.

"Many businesses and governments in Southeast Asia face cyber threats, but few recognize the scale of the risks they pose". Patients can also access the Health Buddy mobile app or SingHealth website to check if they are affected by this incident. The review will cover areas like cybersecurity policies, threat management processes, IT system controls, among others. It's a startling reminder to all Singaporeans that there is no such thing as "cyberattackers would never care about little old me'".

Other reports by

Discuss This Article