A hacker attack on Singapore’s largest group of healthcare institutions has compromised 1.5 million patient records, the Ministry of Health (MOH) said in a press release.
Investigations by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IHiS) confirmed that the attack was deliberate, targeted, and overall very well planned.
“It was not the work of casual hackers or criminal gangs,” according to the press release.
The stolen data include name, NRIC (National Registration Identity Card) number, address, gender, race and date of birth. Investigators said the records were not tampered with or deleted.
Diagnosis, test results, doctors’ notes and other records were not touched and other public healthcare systems were not targeted, investigators said.
A notable finding was that the perps “specifically and repeatedly” targeted Prime Minister Lee Hsien Loong’s personal records.
The attack was detected on July 4, when IT administrators noticed unusual activity on one of SingHealth’s IT databases. The attackers reportedly accessed the database by hacking a single front-end workstation.
“They subsequently managed to obtain privileged account credentials to gain privileged access to the database. Upon discovery, the breach was immediately contained, preventing further illegal exfiltration,” reads the report. “All patient records in SingHealth’s IT system remain intact. There has been no disruption of healthcare services during the period of the cyberattack, and patient care has not been compromised.”
SingHealth has started contacting all patients who visited its clinics from May 1, 2015 to July 4, 2018, to notify them if their data had been exfiltrated. Singapore’s MOH has directed the Integrated Health Information System (IHiS) to conduct a thorough review of the country’s public healthcare system to improve cyber threat prevention, detection and response.