Cyberattack on SingHealth: Patients hope they won’t become victims of scams

SINGAPORE — Shocked by news that public healthcare cluster SingHealth had been the target of Singapore’s most serious cyberattack to date, some patients feared their data would be used for scams and hoped IT systems would be strengthened to prevent future breaches.

Employees approached by TODAY were tight-lipped, saying they were not allowed to comment on the issue.

About 1.5 million patients who visited SingHealth’s specialist outpatient clinics and polyclinics from May 1, 2015 to July 4 this year had their non-medical personal data illegally copied, the Ministry of Health and Ministry of Communications and Information announced on Friday (July 20). The data taken include names, identity card numbers, addresses, gender, race and dates of birth.

In addition, information on the outpatient medication dispensed to about 160,000 of these patients – including Prime Minister Lee Hsien Loong – was stolen.

But no records were tampered with, and other patient records such as diagnosis, test results and doctors’ notes were not breached, the ministries said.

“It’s quite shocking because Singapore is seen as being very (up-to-date) on technologies,” said SingHealth polyclinic patient Lailatul Munira Zainal, 21, who works in the food and beverage industry. “The hackers can use our personal information to blackmail and threaten us and family members, and that’s also why so many Internet scams happen.”

Other patients felt helpless to do anything about the breach as they needed to seek treatment or purchase medication from SingHealth institutions, which include the Singapore General Hospital (SGH), Changi General Hospital and Singapore National Eye Centre.

“My health history is all linked with government hospitals,” said SGH patient Nurzanna, 47.

Pointing to previous cyberattacks on government agencies such as one on the Ministry of Defence in February last year, Ms Nurzanna, a personal assistant at a human resource firm, said: “Even if you report this under the Personal Data Protection Act, what can (the authorities) do? Basically we are slaves to information technology.”

SingHealth patients had mixed views on the value of their stolen data.

A polyclinic patient, who works in cyber security and declined to be named, felt the data would be worth “a lot of money” especially on the dark Web, which consists of websites that cannot be found using traditional search engines. This is because the data involves millions of people and “even our Prime Minister”, he said. “It is disruptive to our economy as well.”

In contrast, SGH patient Ho Kiam Siong, 46, felt the breach was “quite unacceptable” but said he had nothing to hide. “What can you do to my own personal data? I don’t have (any history of sexually-transmitted illnesses) or anything,” he said.

Full-time national serviceman and polyclinic patient Gerald Rudolf Mak, 22, said he would wait and see if any of his data is misused. “No point worrying too much now,” he said. “Just work on improving our system to prevent such things (from happening) again. I think that’s the best we can do.”

SingHealth patients affected by the breach began receiving text messages from the cluster on Friday evening, and can also do their own checks on https://datacheck.singhealth.com.sg/.

Most employees approached on Friday outside various SingHealth institutions declined to comment. Some personnel also tailed and tried to stop the media from approaching patients outside SingHealth’s premises.

But social media posts began surfacing on Friday morning that employees’ access to the Internet at the workplace had been temporarily cut, due to what SingHealth described as “continuing efforts” to reinforce IT systems.

One polyclinic staff, who spoke on condition of anonymity, told TODAY: “I felt strange last week because all of us were told to change our password. Internet has been stopped today. It doesn’t affect our daily work a lot because we still have Intranet (but) we have no idea when (access will be reinstated).”

The employee added: “I’m not so worried about my data being leaked, just hope that there won’t be impersonation scams making use of my data.”

Sign up for TODAY's WhatsApp service. Click here:
 

Sign Up