Details of more than 1 million people - including Singapore PM

Cheryl Sanders
July 22, 2018

Mr Lee has survived cancer twice. Among those affected by the hack was Singapore's Prime Minister, Lee Hsien Loon. In a Facebook post, he wrote that attackers were probably looking for some dark secrets in an attempt to embarrass him.

The incident also highlights the fact that networks and endpoints can no longer be trusted, said Kyne, because attackers will inevitably find a way in.

"If so, they would have been disappointed".

Healthcare data is of particular interest to cyberattackers because it can be used to blackmail people in positions of power, said Jeff Middleton, chief executive of cybersecurity consultancy Lantium.

About 1.5 million patients who visited SingHealth's specialist outpatient clinics and polyclinics from 1 May 2015 to 4 July 2018 have had their non-medical personal particulars illegally accessed and copied. Around 160,000 of the 1.5 million patients also had their outpatient medical information accessed by unauthorized individuals as well.

However, while the attack was detected on July 4, it was later established that data "was exfiltrated" from June 27.

Sheena Jacob, a lawyer at Singaporean firm JurisAsia an affiliate of United Kingdom firm Gowling WLG, said: "This cyber attack affecting many Singaporeans brings home the fact that such attacks are increasingly common and sophisticated in nature".

In 2017, hackers broke into a defense ministry database, stealing the information of some 850 army conscripts and ministry staff. Police investigation is ongoing. There have been growing concerns in recent years over the proliferation of state-sponsored cyberattacks aimed at both multinationals as well as governments.

Just a few months ago, an Iran-based hacking group allegedly stole data from Singapore's Nanyang Technological University (NTU), National University of Singapore (NUS), Singapore University of Technology and Design and Singapore Management University. "Reports of such fraud in other public health systems there", - reads the statement of the authorities.

The MCI said on Friday that a scan of all government systems "found no evidence of compromise".

In the wake of the breach, the Singapore Computer Emergency Response Team has urged all organizations to review their information security practices, policies and procedures, especially around data security, data minimization and how they handle personally identifiable information.

The personal data of 15L Singapore citizens were targeted in the city state's "biggest ever data breach", authorities said today. On 10 July, the Health Ministry, higher officials of SingHealth and CSA were informed about the cyberattack.

"It was not the work of casual hackers or criminal gangs", he added. "Upon discovery, the breach was immediately contained, preventing further illegal exfiltration". The records were not tampered with, records were amended or deleted. The incident itself reinforces Singapore's longstanding worries about how cyberattacks could target important infrastructure and services such as healthcare. Moving forward, the IHiS and CSA have taken further measures to secure SingHealth's IT systems.

Patients affected in the latest breach will be contacted by the government informing them about the attack starting Friday.

It added that members of the public can check if they have been affected by visiting the SingHealth website or using the Health Buddy mobile app with their SingPass login.

Other reports by iNewsToday