Skip to main content

Advertisement

Advertisement

Hackers stole data of PM Lee and 1.5 million patients in 'major cyberattack' on SingHealth

SINGAPORE — In the biggest and most serious cyberattack yet on Singapore, hackers last month broke into SingHealth's IT systems to steal the data of 1.5 million patients and records of the outpatient medication given to Prime Minister Lee Hsien Loong, the authorities said on Friday (July 20).

Hackers stole data of PM Lee and 1.5 million patients in 'major cyberattack' on SingHealth

Minister for Communications and Information S Iswaran (C) speaks alongside Minister for Health Gan Kim Yong (3rd R) during a press briefing on a 'major cyber attack' on SingHealth, July 20, 2018.

SINGAPORE — In the biggest and most serious cyberattack yet on Singapore, hackers last month broke into SingHealth's IT systems to steal the data of 1.5 million patients and records of the outpatient medication given to Prime Minister Lee Hsien Loong, the authorities said on Friday (July 20).

"The attackers specifically and repeatedly targeted Mr Lee's personal particulars and information on his outpatient dispensed medicines," the Ministry of Health (MOH) and Ministry of Communications and Information (MCI) said in a joint press statement.

Mr Lee had fought off cancer twice, and was given a clean bill of health after he abruptly took ill during the National Day Rally in August 2016. In May 2015, Mr Lee was given the all-clear for prostate cancer after undergoing surgery in February that year to remove his cancerous prostate gland. He had a previous bout with cancer in 1992, when he had suffered from intermediate grade malignant lymphoma.

Commenting on the attack, Mr Lee wrote in a Facebook post that the hackers were "extremely skilled and determined", and had "huge resources, and never give up trying".

He added: "I don’t know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me.

"If so, they would have been disappointed. My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it." 

The hackers - whom the authorities did not name and whose intentions were not spelled out - took data such as the name, NRIC number, address, gender, race, and date of birth of 1.5 million patients who visited SingHealth's specialist outpatient clinics and polyclinics from May 1 2015 to July 4 this year.

The records of the medicines given to 160,000 people – the Prime Minister among them - who had received outpatient treatment at SingHealth's outlets were also stolen.

The data was stolen over a one-week period from June 27 to July 4. "The Cyber Security Agency's (CSA) investigations have established that the attack was deliberate, targeted and carefully planned. It was not the work of casual hackers or criminal gangs," MCI said in a separate statement.

Police investigations are ongoing. There have been growing concerns in recent years over the proliferation of state-sponsored cyberattacks aimed at both multinationals as well as governments.

MOH and MCI assured Singaporeans that the affected data had not been tampered with. "No other patient records, such as diagnosis, test results or doctors' notes, were breached. We have not found evidence of a similar breach in other public healthcare IT systems," they added in the joint statement.

MCI said that the Smart Nation and Digital Government Group had completed a scan of all government systems and "found no evidence of compromise". The authorities will meanwhile suspend the roll out of new information and communications technology systems while a security review of government systems is conducted.

Citing the "serious public health and safety implications" triggered by the incident, MCI said Minister-in-charge of Cybersecurity S Iswaran would convene a Committee of Inquiry (COI), chaired by retired Senior District Judge Richard Magnus, into the matter, and look into measures to better secure public sector IT systems in future.

PLAN OF ATTACK

The hackers first broke into SingHealth's IT system via a front-end workstation, and later managed to obtain log-in details to assess the database, according to CSA's investigations.

The data was later found to have been stolen over a one-week period from June 27 to July 4, though database administrators at the Integrated Health Information Systems (IHiS), the Health Ministry's IT arm, did not detect signs of unusual activity until July 4.

Upon detecting the intrusion, IHiS investigators "acted immediately to halt the activity...while putting in place additional cyber security precautions," MOH and MCI said.

Six days later, on July 10, the investigators confirmed that SingHealth's systems had come under a cyberattack, and informed the relevant parties. SingHealth lodged a police report on July 12.

The hackers did not stop after they were detected, according to the authorities, who said they detected "further malicious activities" as monitoring efforts were stepped up. However, the hackers did not manage to steal more data after July 4.

"All patient records in SingHealth's IT system remain intact," MOH and MCI said. "There has been no disruption of healthcare services during the period of the cyberattack, and patient care has not been compromised."

Meanwhile, additional measures have been taken to beef up the security of SingHealth's IT systems. These include measures for separate computers to access the Internet, the resetting of user and system accounts, additional monitoring controls, and tighter controls on workstations and servers.

"Similar measures are being put in place for IT systems across the public healthcare sector against this threat," the authorities added.

AFFECTED PATIENTS, FURTHER MEASURES

SingHealth will begin contacting the affected patients from Friday via SMSes. They can also check if their data has been compromised by going to the SingHealth website, or by using the Health Buddy mobile app.

The IHiS has been instructed to work with external experts to conduct a thorough review of Singapore's public healthcare system in order to better prevent or detect future cyber attacks. The review will cover areas like cybersecurity policies, threat management processes, IT system controls, among others.

"The Government takes a serious view of any cyberattack, illegal access of data or action that compromises the confidentiality of data in Singapore," MOH and MCI said in their joint statement.

Sign up for TODAY's WhatsApp service. Click here:

Sign Up

Related topics

SingHealth cyber attack Lee Hsien Loong MOH

Read more of the latest in

Advertisement

Popular

Advertisement

Stay in the know. Anytime. Anywhere.

Subscribe to get daily news updates, insights and must reads delivered straight to your inbox.

By clicking subscribe, I agree for my personal data to be used to send me TODAY newsletters, promotional offers and for research and analysis.

Aa