SingHealth, in Singapore, has suffered a massive data breach during a terrible cyber attack that allowed hackers to snatch personal information on 1.5 million patients who visited SingHealth clinics between May 2015 and July 2018.
As Singapore’s largest healthcare group, SingHealth is the largest healthcare group situated in Singapore with 2 tertiary hospitals, 5 national specialty , and eight polyclinics.
According to an advisory released by Singapore’s Ministry of Health (MOH), the IT department noticed unusual activity with their database on 4th July 2018, also along with the personal data, hackers also managed to stole ‘information on the outpatient dispensed medicines’ of about 160,000 patients, including Singapore’s Prime Minister Lee Hsien Loong, and few ministers.
“On 4 July 2018, IHiS’ database administrators detected unusual activity on one of SingHealth’s IT databases. They acted immediately to halt the activity,” MOH said.
The stolen data includes the patient’s name, address, gender, race, date of birth, and National Registration Identity Card (NRIC) numbers.
The Ministry of Health said the hackers “specifically and repeatedly” targeted the PM’s “personal particulars and information on his outpatient dispensed medicine.”
So far there’s no evidence of who was behind the attack, but the MOH stated that the cyber attack was “not the work of casual hackers or criminal gangs.” The local media is also speculating that the hack could be a work of state-sponsored hackers.
Investigations by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IHiS) also confirmed that “this was a deliberate, targeted, and well-planned cyberattack.”
PM Comments On SingHealth Healthcare Data Breach
Commenting on the cyber attack through a Facebook post published today, Singapore’s Prime Minister said he believes that the attackers are “extremely skilled and determined” and they have “huge resources” to conduct such cyber attacks repeatedly.
The Singapore government has assured its citizens that no medical records were tampered, or deleted and that no diagnoses, test results, or doctors’ notes were stolen in the attack.
All affected patients will be contacted by the healthcare institution over the next five days.
Since the healthcare sector is part of the critical nation’s infrastructure, alongside water, electricity, and transport, it has increasingly become an attractive target for hackers.
In the past few years, we have reported several hacks and data breaches, targeting the healthcare sector. Just last month, it was revealed that DNA registries of more than 92 million MyHeritage customers were stolen in the previous year by some unknown hackers.
Earlier this year, it was reported that more than half of Norway’s population exposed its healthcare data in a massive data breach that targeted the country’s major healthcare organization.
Also, in this month hackers managed to compromise health care facilities, which very attacks is similar to the recent attack in America against LabCorp which also keeps millions of patients data at risk.
The foremost thing to protect against any data breach is to stay vigilant, as nobody knows when or where your stolen identities will be used. So, affected consumers will just have to remain mindful.
Felix Onyenobi is a technology enthusiast and loves to write. He is a co-founder at SkyNet Digital Agency. Also a web developer, Penetration tester and ethical hacker.