Singapore government health data stolen by hackers, 1.5 million people affected


The Ministry of Communications and Information (MCI) and Ministry of Health (MOH) have stated on Friday, July 20 that the hackers had accessed to the 160,000 patients' records of dispensed medicines.

Investigations are ongoing in a joint effort by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information Systems (IHiS) with more information expected within the coming days and weeks.

The data stolen included the patients' names, National Registration Identity Card numbers, address, gender, race and date of birth, the ministries said, adding that they have not found evidence of a similar breach in other public healthcare IT systems. It added that all patients who had visited healthcare institutions under SingHealth would receive SMS notifications informing them of the security breach.

Singaporean government spokespeople described the attack as "deliberate, targeted and well-planned" and said it was conducted by sophisticated hackers.

On July 10, the Health Ministry, SingHealth and the Cyber Security Agency of Singapore were informed after forensic investigations confirmed that it was a cyber attack.

Officials have announced that hackers have stolen personal data from a quarter of Singapore's population via SingHealth's IT databases.

Addressing reporters at a press conference earlier today, Singapore's health minister Gan Kim Yong said: "We can not assume that the threat has disappeared", Gan said. The government is convening a Committee of Inquiry to look thoroughly into this incident, he said.

More news: Toronto shooting: 2 victims and gunman dead, 12 wounded

According to authorities, hackers used a malware-infected computer to gain access to the database at some point between June 27 and July 4, before administrators spotted "unusual activity".

No further data has been stolen since July 4.

However, authorities have put the brakes on these plans while they investigate the cyberattack. "If so, they would have been disappointed", Lee said in a Facebook post on Friday. Officials said hackers didn't edit or delete any patient records, but only exfiltrated it to a remote server.

Eric Hoh, president of Asia Pacific at FireEye said that many businesses and governments in Southeast Asia face cyber threats, but few recognise the scale of the risks they pose.

"Singapore ranks among the leaders in cyber security, and we would like to see more governments follow their lead in disclosing breaches". I was confident that SingHealth would do their best to protect my patient information, just as it did for all their other patients in the database.

BBC pointed to a 2015 study that suggested around 29 million digital health records were exposed in one way or another between 2010 and 2013 in the US.

"We must not let this derail our Smart Nation is the way of the future", he said, taking a longer-term view of the projects.