SingHealth data breach: Millions of patients' data stolen including medical details of PM Lee by sophisticated hackers

After university research paper hack by alleged Iran-based hackers, this is the second cyber attack that shook Singapore.

Singapore universities cyber attack
Singapore universities cyber attack (Representational picture) Pixabay

Singapore has faced another cyber threat after a total of 1.5 million SingHealth patients' non-medical personal data were stolen last month. The Ministry of Communications and Information (MCI) and Ministry of Health (MOH) have stated on Friday, July 20 that the hackers had accessed to the 160,000 patients' records of dispensed medicines.

After the investigation by the Cyber Security Agency of Singapore (CSA), officials confirmed that the cyber-attack was conducted deliberately and was planned perfectly by an anonymous professional hacking group or criminal gangs.

But the CSA chief executive David Koh said that since the investigation is still going on, they would not be able to reveal more details about their findings, when he was asked to name a suspected country or group.

Singapore PM Lee
Singapore's PM Lee Reuters

However, Koh also added that that the Prime Minister Lee Hsien Loong's personal particulars and information of his outpatient dispensed medicines were also accessed and copied by the hacking group. As reported apart from PM Lee there are other ministers, including Emeritus Senior Minister Goh Chok Tong, were affected due to the cyber breach.

The stolen data includes the name of the patients, address, gender, race, date of birth and their NRIC numbers. But, as mentioned in the news release the ministries stated that patients' medical records, as well as the details of their doctors, their previous diagnosis and health scan data, were not among those affected details and in addition they clearly said that as of now they could not find any evidence of cyber theft in other public healthcare IT systems.

During the press conference on Friday, Health Minister Gan Kim Yong called this attack "unprecedented" and apologised to those affected patients. He also said that the time has come to learn from this cyber threat incident.

S Iswaran, the Communications and Information Minister was also said that the Government will look into this breach with utmost seriousness and will ensure the security of public sector IT systems as well as the databases.

Later, minister Tong wrote in a Facebook post that his non-medical personal particulars with SingHealth had also been stolen. In the same post, he also added that such theft is the main risk when it comes to the digitalization but "we cannot stop the digital advance and must strive to build the most secure Smart Nation."

University data breach
University data breach Reuters and Facebook

Just a few months ago, an Iran-based hacking group allegedly stole data from Singapore's Nanyang Technological University (NTU), National University of Singapore (NUS), Singapore University of Technology and Design and Singapore Management University. After that first incident, again on July 4, Integrated Health Information Systems (IHIS) detected suspicious activity on one of SingHealth's IT databases. Until July 9 they monitored the network traffic and on July 10, they informed MOH, SingHealth and CSA to look into the matter.

Later, the investigators found that the data was stolen from Jun 27 to Jul 4. They also came to know that patients' records, as well as details about their visit to the SingHealth's specialist outpatient clinics and polyclinics between May 1, 2015, and Jul 4, 2018, were accessed and copied by the hackers.

While explaining how this cyber-attack took place, the CSA officials stated that first the hackers targeted the network after breaching a front-end workstation and they managed to get the access to the database. They also said that during the hack the criminal group also cleaned every fingerprint to hide the cyber violation.

The miniseries assured that they have tightened SingHealth's IT security and imposed Internet separation policies to secure the data from further cyber threats. They also have introduced additional controls, reset the user and systems accounts as well as installed more systems for monitoring purpose.

Meanwhile, the SingHealth have decided to contact the affected patients to inform them about their stolen data. But, the news release stated that all the patients including the unaffected visitors also can expect one SMSto provide notification, in the next few days. All the patients and visitors are also allowed to check their details via the Health Buddy mobile app or SingHealth website to make sure whether their details were stolen or not.

S Iswaran said on Friday that the CAS will look into the major sectors such as energy, water, banking and finance, healthcare, transport, Infocomm, media, security and emergency services and government to ensure that such cyber attackers would not succeed if they target these key sectors.

He also mentioned that since it is impossible to go back to the time of paper and pencil just to avoid such cyber violations, he assured that the administration will do their best to secure the IT system by developing new techniques and will mark the weaknesses in the IT system that will help to prevent such threats.

This article was first published on July 21, 2018