Singapore health system hit by massive data breach

Singapore PM Lee Hsien Loong Among 1.5 Million Victims of Fresh Cyber Attack

The government claimed that PM Lee Hsien Loong was the prime target of the cyber attack

On July 20, the Singapore government officially confirmed that the city-state's health system was the target of a cyberattack last month in what was characterized as the most serious breach of personal data in its history.

In addition, it has also been disclosed that Lee Hsien Loong - Singapore Prime Minister - had his personal particulars stolen as well as his outpatient dispensed medicines record, in what was described as "specific and repeated" targetted attacks. At this stage, what Channel Asia understands so far is that the personal information of 1.5 million patients were stolen, including name, NRIC number, address, gender, race and date of birth. "Information on the outpatient dispensed medicines of about 160,000 of these patients was also exfiltrated", it added. Singapore has assured everyone that no data was tampered with, amended or deleted. Medical records, such as diagnoses, test results, or doctors' notes, aren't at risk.

He noted that a Committee of Inquiry had been set up to further assess the incident and recommend measures to better manage and safeguard SingHealth's as well as other public sector IT systems against similar cybersecurity attacks in future.

It appeared that a computer belonging to SingHealth, one of the state's two major government healthcare groups, was infected with malware through which the hackers gained access to the database.

Mr Lee added that when SingHealth digitised their medical records, they had asked if he wanted to computerise his own personal records or keep his records in hardcopy for security reasons.

He said on Facebook that if the hackers were looking for a dark state secret or something to embarrass him, "they would have been disappointed".

Unusual activity was first detected on July 4 on one of SingHealth's IT databases.

Earlier in the day, in a press conference, Health Minister Gan Kim Yong apologised to the affected patients, while Communications and Information Minister S Iswaran vowed to get to the bottom of the breach.

According to the statement, SingHealth lodged a police report on 12 Jul 2018 and police investigation is ongoing.

Richard Ford, chief scientist at information security firm Forcepoint, told The Business Times the incident is a "worrying reminder" of the vulnerabilities present in a digitally-connected workforce and an endless data sprawl.

Wang cautioned that this attack should not hinder the Singapore government's quest to invest in innovation for better productivity through technology-enabled pursuits.

The data breach exposes almost 1.5 million people who may have visited hospitals between May 2015 and July 4, 2018. And as the healthcare industry, too, underwent digital transformation, "the border between networks" also would become "more porous".

"Changes in base not included, i.e. the data has not been altered or removed".

SingHealth employees temporarily prohibited from using work computers.

With the recent SingHealth case, Wang viewed it as stolen assets, whether financial or private health data.

He added: "I don't know what the attackers were hoping to find. Unfortunately, that has now happened", he said.

Iran's Supreme Leader Warns of Closing Strait of Hormuz
Tekashi 6ix9ine kidnapped and robbed by three gunmen, currently in hospital