About 1.5 million patients, including Prime Minister Lee Hsien Loong, were targets of a “major cyberattack” on SingHealth.
In a joint statement by the Ministry of Communications and Information (MCI) and the Ministry of Health (MOH) today (20 July) said patients who visited SingHealth’s specialist outpatient clinics (SOCs) and polyclinics from 1 May 2015 to 4 July 2018 may be affected.
Patients’ personal particulars such as name, NRIC number, address, gender, race, and date of birth were reportedly stolen by hackers.
About 160,000 patients also had information about their outpatient dispensed medicines illegally taken as well.
However, records were not edited or deleted at all.
The statement added there are no evidence of a similar breach in the other public healthcare IT systems.
“This cyberattack was a deliberate, targeted and well-planned one. It was not the work of casual hackers or criminal gangs,” a separate statement from MCI said.
It added that the government will take immediate action to strengthen our public sector IT systems and databases to prevent similar cybersecurity breaches like this, and the Committee of Inquiry will conduct an independent external review.
SingHealth will send an SMS to all patients to inform them if they have been affected over the next five days.
Patients can also use the Health Buddy app or visit the SingHealth website to check if they are affected.
Singapore’s HealthTech agency, IHiS, had “detected unusual activity” on one of SingHealth’s IT databases on 4 July 2018, and had “acted immediately” to stop it.
Six days later, their investigations confirmed it was a cyberattack and the MOH, SingHealth, and the Cyber Security Agency of Singapore (CSA) were informed.
According to the statement, SingHealth lodged a police report on 12 Jul 2018 and police investigation is ongoing.
In an announcement on Facebook, PM Lee suggested that whatever the hackers’ goals were, they could be looking for “some dark state secret, or at least something to embarrass [him]”.
“This will be a ceaseless effort. Those trying to break into our data systems are extremely skilled and determined. They have huge resources, and never give up trying,” he added.
“Our goal has to be to prevent every single one of these attacks from succeeding. If we discover a breach, we must promptly put it right, improve our systems, and inform the people affected.”
Featured Image Credit: IBTimes UK