SingHealth, the largest network of healthcare institutions in Singapore, has been targeted by a severe cyberattack, according to authorities.
The personal data of around 1.5 million patients, including those of Prime Minister Lee Hsien Loong, were stolen in what is considered Singapore’s most serious cyberattack ever, the Straits Times reported.
According to the report, the hackers illegally accessed and copied personal data of around 1.5 million individuals that visited SingHealth’s specialist outpatient clinics and polyclinics between May 01, 2015 and July 04, 2018. The stolen data included patient names, NRIC numbers, addresses, genders, race, and dates of birth. About 160,000 individuals also had their outpatient prescription data stolen.
Authorities described the attack as “deliberate, targeted, and well-planned.” The Prime Minister’s data seemed to be one of the targets, especially the record about medicines prescribed to him.
A timeline of the event revealed that, on July 04, administrators of the Integrated Health Information System (IHIS), the agency in charge of the IT systems of public healthcare institutions, noticed suspicious activity on one of SingHealth’s databases.
The administrators conducted investigations and put up additional cybersecurity precautions, and, on July 10, it was confirmed as a cyberattack. More malicious activity was detected after the additional precautions were activated, but no further data was stolen. Police are currently investigating the incident.
In response to the event, the Health Ministry has ordered a review of the public healthcare sector’s data systems to improve its defences. Singapore’s Cyber Security Agency (CSA) will work with 11 critical sectors – such as energy and finance – to improve their cybersecurity capabilities.
Minister for Communications and Information S. Iswaran, who is also Minister-in-charge of Cyber Security, has formed an inquiry committee to investigate the attack.
This is the largest data breach in the country to date, far larger than the breach that affected 380,000 users of Uber Singapore, as well as the one that leaked details for 5,400 customers of AXA Singapore.