Tuesday, 23 October 2018
Latest news
Main » Singapore govt health database hacked - Security

Singapore govt health database hacked - Security

21 July 2018

The hack of the country's largest group of healthcare providers, SingHealth, led to the theft of personally identifying information for a quarter of the country's 5.6m population.

Hackers have infiltrated Singapore's government health database in the country's worst breach of personal data, stealing records on 1.5 million patients including the prime minister's own personal drug prescriptions, the government said on Friday.

However, while the attack was detected on July 4, it was later established that data "was exfiltrated" from June 27.

Government officials did not say who might have been behind the attack, but a joint statement by the health and communications ministries suggested a high degree of sophistication.

"Please be assured that NO phone number, financial information or other patient medical records have been illegally accessed", it added. No other patient records, such as diagnosis, test results or doctors' notes, were breached.

Singapore will set up a commission of inquiry to look into the hack and immediately move to strengthen government defenses against cyber attacks, the Ministry of Communications said in a separate statement.

No further data was compromised following the discovery on July 4 and IHiS had deployed further measures to tighten the security of SingHealth's IT systems, including temporarily separating internet access from workstations, resetting user and systems accounts, and installing additional system monitoring controls.

MOH officials said this was not the work of casual hackers or criminal gangs but a deliberate and well-planned attack that sought to gather health information on the country's prime minister.

But authorities have put the brakes on these plans while they investigate the cyberattack.

At a multi-ministry press conference on Friday, the authorities said PM Lee's information was "specifically and repeatedly targeted". Perhaps they were hunting for some dark state secret, or at least something to embarrass me.

The hackers first broke into SingHealth's IT system via a front-end workstation, and later managed to obtain log-in details to assess the database, according to CSA's investigations.

According to the statement, SingHealth lodged a police report on 12 Jul 2018 and police investigation is ongoing. An SMS message will be sent to all patients over the next five days. "Singapore ranks among the leaders in cybersecurity, and we would like to see more governments follow their lead in disclosing breaches", he said in a statement.

Mr Iswaran said that "we must get to the bottom of this breach". "We have to go forward, to build a secure and Smart Nation".

Singapore govt health database hacked - Security