Singapore healthcare database hit by ‘major cyber-attack’

Data breach impacting 1.5m people was “deliberate, targeted, and well-planned”

SingHealth, the largest healthcare group in Singapore, has been the target of a “major cyber-attack” that resulted in the personal information of around 1.5 million individuals being compromised – including that of Prime Minister Lee Hsien Loong.

Issuing a security alert earlier today, SingCert – the Asian nation’s computer emergency response team – said the data breach has impacted patients who visited SingHealth’s specialist outpatient clinics between May 1, 2015, and July 4, 2018.

“About 1.5 million patients… have had their non-medical personal particulars illegally accessed and copied,” SingCert confirmed. “The data taken include name, NRIC [national identity] number, address, gender, race, and date of birth.”

Forensic investigations conducted by the authorities indicated that this was a “deliberate, targeted and well-planned cyber-attack”.

“It was not the work of casual hackers or criminal gangs,” the statement read.

Targeted attack

In a lengthy Facebook post, Singapore’s Prime Minister Lee Hsien Loong said the attackers specifically and repeatedly targeted his own medication data.

“I don’t know what the attackers were hoping to find,” the Prime Minister said. “Perhaps they were hunting for some dark state secret, or at least something to embarrass me.

“If so, they would have been disappointed. My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it.”

Singapore’s Integrated Health Information System (IHiS), the technology agency implicated in the data breach, said it has implemented further measures to tighten the security of SingHealth’s IT systems.

Addressing reporters at a press conference earlier today, Singapore’s health minister Gan Kim Yong said: “We cannot assume that the threat has disappeared,” Gan said. “We must continue to be vigilant and continue to monitor our internet activities so that we can detect them early if there are further intrusions.”

SingHealth said it would be contacting all patients who visited its specialist outpatient clinics during the period of compromise to notify them if their data had been illegally exfiltrated.

News of the healthcare hack comes just weeks after the Cyber Security Agency of Singapore (CSA) reported an ongoing rise in the number of cyber-attacks being conducted against the city-state.

Published in June, the Singapore Cyber Landscape 2017 report said common cyber threats showed “no signs of abating”, as the Singapore Police Force were alerted to nearly 5,500 cybercrime cases last year.

While the country was “relatively unscathed” by last year’s major ransomware campaigns, CSA observed around 750 unique C&C servers in Singapore, and a daily average of about 2,700 botnet drones with Singapore IP addresses.

“Of the more than 400 malware variants detected in 2017, five were observed to have caused the majority of the infections. Conficker, Mirai, Cutwail, Sality, and WannaCry accounted for more than half of the systems infected daily,” the report said.