Industry News

Hackers breach Singapore’s largest healthcare provider; steal records of 1.5 million patients, including the Prime Minister

A hacker attack on Singapore’s largest group of healthcare institutions has compromised 1.5 million patient records, the Ministry of Health (MOH) said in a press release.

Investigations by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IHiS) confirmed that the attack was deliberate, targeted, and overall very well planned.

“It was not the work of casual hackers or criminal gangs,” according to the press release.

The stolen data include name, NRIC (National Registration Identity Card) number, address, gender, race and date of birth. Investigators said the records were not tampered with or deleted.

Diagnosis, test results, doctors’ notes and other records were not touched and other public healthcare systems were not targeted, investigators said.

A notable finding was that the perps “specifically and repeatedly” targeted Prime Minister Lee Hsien Loong’s personal records.

The attack was detected on July 4, when IT administrators noticed unusual activity on one of SingHealth’s IT databases. The attackers reportedly accessed the database by hacking a single front-end workstation.

“They subsequently managed to obtain privileged account credentials to gain privileged access to the database. Upon discovery, the breach was immediately contained, preventing further illegal exfiltration,” reads the report. “All patient records in SingHealth’s IT system remain intact. There has been no disruption of healthcare services during the period of the cyberattack, and patient care has not been compromised.”

SingHealth has started contacting all patients who visited its clinics from May 1, 2015 to July 4, 2018, to notify them if their data had been exfiltrated. Singapore’s MOH has directed the Integrated Health Information System (IHiS) to conduct a thorough review of the country’s public healthcare system to improve cyber threat prevention, detection and response.

About the author

Filip TRUTA

Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware, and security, and has worked in various B2B and B2C marketing roles. He likes fishing (not phishing), basketball, and playing around in FL Studio.

Add Comment

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.