Personal info of 1.5m SingHealth patients, including Prime Minister Lee Hsien Loong, stolen in Singapore’s most serious cyber attack

(From left) Cyber Security Agency Chief Executive David Koh, MCI Permanent Secretary Gabriel Lim, MCI Minister S Iswaran, Health Minister Gan Kim Yong, Ministry of Health Permanent Secretary Chan Heng Kee and SingHealth CEO Ivy Ng attend a press conference regarding the SingHealth cyber attack. 
The Straits Times

In Singapore’s worst cyber attack, hackers have stolen the personal particulars of 1.5 million patients, including the outpatient prescriptions of 160,000 people, including that of Prime Minister Lee Hsien Loong and a few ministers.

In what is believed to be a state-sponsored attack, the hackers infiltrated the computers of SingHealth, Singapore’s largest group of healthcare institutions with four hospitals, five national specialty centres and eight polyclinics.

At a multi-ministry press conference on Friday (July 20), authorities said PM Lee’s information was “specifically and repeatedly targeted”.

The 1.5 million patients had visited SingHealth’s specialist outpatient clinics and polyclinics from May 1, 2015 to July 4, 2018.

Their non-medical personal data that was illegally accessed and copied included their names, IC numbers, addresses, gender, race and dates of birth.

No record was tampered with and no other patient records such as diagnosis, test results and doctors’ notes were breached. There was no evidence of a similar breach in the other public healthcare IT systems.

In the light of the attack, all of Singapore’s Smart Nation plans including the National Electronic Health Record (NEHR) project – which enables the sharing of patients’ treatment and medical data among hospitals here – have been put on hold.

Minister in Charge of Cyber Security S. Iswaran will convene a Committee of Inquiry (COI) to conduct an independent external review of the incident. Retired district judge Richard Magnus will chair the committee.

Initial investigations showed that one SingHealth front-end workstation was infected with malware through which the hackers gained access to the data base. The data theft happened between June 27, 2018 and July 4, 2018.

SingHealth has imposed a temporary Internet surfing separation on all of its 28,000 staff’s work computers. Other public healthcare institutions will do the same.

Unusual activity was first detected on July 4 on one of SingHealth’s IT databases, Security measures including the blocking of dubious connections and changing of passwords were taken to thwart the hackers.

On July 10, the Health Ministry, SingHealth and the Cyber Security Agency of Singapore were informed after forensic investigations confirmed that it was a cyber attack. A police report was made on July 12.

No further data was stolen since July 4.

All patient records in SingHealth’s IT system remain intact and there has been no disruption of healthcare services.

SingHealth will be contacting all patients who visited its specialist outpatient clinics and polyclinics from May 1, 2015 to July 4, 2018 to notify them if their data has been stolen. An SMS message will be sent to all patients over the next five days. Patients can also access the Health Buddy mobile app and SingHealth website to check if they are affected by the breach.

The Ministry of Health has directed a thorough review of the public healthcare system to improve cyber security and all public and private healthcare institutions have been advised to take cyber security precautions.