Timeline of attack on SingHealth's IT systems and other notable cyber breaches in Singapore

SINGAPORE — Hackers last month broke into SingHealth's IT systems to steal the data of 1.5 million patients and records of the outpatient medication given to Prime Minister Lee Hsien Loong, in the biggest and most serious cyberattack on Singapore to date. Here's a timeline of events surrounding the unprecedented breach:

• July 4, 2018: "Unusual activity" was detected in one of SingHealth's IT databases by Integrated Health Information System (IHiS) data administrators. They acted immediately to stop the activity, and started investigations. In the meantime, additional cyber security precautions were put in place.
   
• July 10, 2018: IHiS' investigations confirmed a cyber attack had taken place, and it informed the Ministry of Health, SingHealth and the Cyber Security Agency of Singapore. It was established that data had been stolen between June 27 and July 4.
   
• July 12, 2018: SingHealth lodged a police report. Police investigations are still ongoing.
  
   

Other notable cyber breaches in Singapore in recent years:

• April 2017: Sophisticated cyber-attacks aimed at stealing research and government-related information hit the National University of Singapore and Nanyang Technological University, Singapore's top universities. The breaches were the work of "advanced persistent threat actors" using more stealthy methods which are therefore harder to detect. These attacks — designed to target a specific entity — are highly customised to get around security measures in place and are typically carried out through individuals associated with those entities.
   
• February 2017: The Ministry of Defence was dealt its first cyber-security breach when the personal details of 850 national servicemen and staff members were stolen in a targeted and carefully planned attack. The breach of the ministry's internal I-Net system, which allows servicemen and employees to surf the Internet and carry out personal communication, was executed remotely over the Internet.
   
• 2016: About 380,000 Singapore users of ride-hailing company Uber were hit by a massive data breach. They were among 57 million customers and drivers around the world who had their names, email addresses, mobile numbers and driver's licence information stolen by hackers.
   
• 2014: The Ministry of Foreign Affairs' information-technology system was breached. The specifics, such as when the breach occurred, were not made public, but the Cyber Security Agency of Singapore said immediate steps were taken to isolate the affected devices and appropriate security measures put in place to beef up the network.
   
• June 2014: More than 1,500 SingPass accounts were accessed illegally and potentially compromised. Some of the users had their passwords reset illegally. SingPass was set up for Singapore residents aged 15 and above in 2003 to carry out online transactions with government agencies. This episode led to the introduction of two-factor authentication for access to e-government services for improved security.
   
• December 2013: The bank statements of 647 Standard Chartered private banking clients were stolen from a server of a printing company.
   
• November 2013: The data of about 4,000 individuals — including their names, email addresses, phone numbers and, in some cases, nationalities — stored on the Singapore Art Museum website was exposed on an overseas website.

Sign up for TODAY's WhatsApp service. Click here:

Sign Up