SingHealth patient database compromised in cyber attack

Singapore Prime Minister Lee Hsien Loong was among 1.5 million patients who had their personal data stolen in the nation’s most severe cyber attack to date.  Also compromised were the outpatient prescriptions of 160,000 patients.

The records were illegally accessed and copied but not tampered with.

“No other patient records, such as diagnosis, test results or doctors’ notes, were breached. We have not found evidence of a similar breach in the other public healthcare IT systems,” according to a Ministry of Communications and Information and Ministry of Health press release.

Investigations by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IHiS) confirmed that this was a deliberate, targeted and well-planned cyberattack, and not the work of casual hackers or criminal gangs.

The attackers specifically and repeatedly targeted Prime Minister Lee Hsien Loong’s personal particulars and information on his outpatient dispensed medicines.

“I don’t know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me. If so, they would have been disappointed. My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it,” wrote Prime Minister Lee in a Facebook post.

IHiS detected unusual activity on one of SingHealth’s IT databases on July 4 and acted immediately to halt the activity. Further investigations revealed that data was exfiltrated from June 27 to July 4. SingHealth lodged a police report on July 12 and police investigation is ongoing.

Security measures taken include temporarily imposing internet surfing separation, placing additional controls on workstations and servers, reset user and systems accounts, and installing additional system monitoring controls.

All SingHealth patients from May 1, 2015 to July 4 this year will be notified if their data had been illegally exfiltrated. All the patients, whether or not their data were compromised, will receive an SMS notification over the next five days. Patients can also access the Health Buddy mobile app or SingHealth website to check if they are affected.