Singapore’s largest healthcare group, SingHealth, has suffered a massive data breach that allowed hackers to snatch personal information on 1.5 million patients who visited SingHealth clinics between May 2015 and July 2018.
SingHealth is the largest healthcare group in Singapore with 2 tertiary hospitals, 5 national specialty , and eight polyclinics.
According to an advisory released by Singapore’s Ministry of Health (MOH), along with the personal data, hackers also managed to stole ‘information on the outpatient dispensed medicines’ of about 160,000 patients, including Singapore’s Prime Minister Lee Hsien Loong, and few ministers.
“On 4 July 2018, IHiS’ database administrators detected unusual activity on one of SingHealth’s IT databases. They acted immediately to halt the activity,” MOH said.
The stolen data includes the patient’s name, address, gender, race, date of birth, and National Registration Identity Card (NRIC) numbers.
The Ministry of Health said the hackers “specifically and repeatedly” targeted the PM’s “personal particulars and information on his outpatient dispensed medicine.”
So far there’s no evidence of who was behind the attack, but the MOH stated that the cyber attack was “not the work of casual hackers or criminal gangs.” The local media is also speculating that the hack could be a work of state-sponsored hackers.
Investigations by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IHiS) also confirmed that “this was a deliberate, targeted, and well-planned cyberattack.”