SINGAPORE: The personal information of 1.5 million people were stolen in a cyberattack on SingHealth's database, in what authorities have described as the "most serious personal data breach" in Singapore’s history.
To illustrate just how serious it was, the attack also “specifically and repeatedly” targeted Prime Minister Lee Hsien Loong’s personal particulars and outpatient medication data.
Emeritus Senior Minister Goh Chok Tong also revealed in a Facebook post that his "non-medical personal particulars" with SingHealth had been stolen.
Confidential records belonging to the 1.5 million patients, including their names, NRIC numbers and addresses, were illegally accessed and copied. Of this group, 160,000 had their dispensed medicines’ records stolen too.
Here’s what you need to know:
On Jul 4, administrators detected unusual activity on one of SingHealth’s IT databases and “acted immediately” to halt the activity. As investigations continued, they implemented additional cybersecurity precautions.
Six days later, investigations confirmed that it was a cyberattack, and the Ministry of Health, SingHealth and Cyber Security Agency of Singapore (CSA) were informed. It was established that data was stolen from Jun 27 to Jul 4.
SingHealth lodged a police report on Jul 12.
2) How did it happen?
It has been established that the attackers accessed the SingHealth IT system through an initial breach on a front-end work station.
They then managed to obtain privileged account credentials to access to the database.
3) Who’s affected?
If you visited one of SingHealth’s specialist outpatient clinics or polyclinics between May 1, 2015 and Jul 4, 2018, chances are that you are affected.
Over the next five days, SingHealth will send a text message to each of the 1.5 million patients affected and inform them if their records were stolen. Those without a registered mobile number will be sent a letter within the next week.
Patients can also access this URL to check if their data were compromised.
4) What to do if you are affected?
Health Minister Gan Kim Yong said that those affected should look out for “abnormalities” and “unusual activities” in their emails and transactions. If anything looks out of place, contact the authorities immediately.
Those whose medicine records were stolen will also be given a hotline number to call.
5) Should you be worried?
In short, not really, said the authorities. CSA chief executive David Koh said the stolen information are “basic demographic data”.
“We are watching to see if anything appears on the Internet both in the open and in some of the less well-known websites,” he added, noting that this has occasionally happened in past data breaches.
“But considering the type of data that’s been exfiltrated, it is – from our professional experience – unlikely that these will appear, because there is no strong commercial value to these types of data.”
Communications and Information Minister S Iswaran said breaches of this scale are not uncommon in other countries. For example, the UK’s National Health Service has been hacked before.
“These occurrences have happened even in some of the most secure systems around the world,” he added. “So I think we have to keep the incident in perspective and then allow due process to take its course.”
5) What’s the extent of the hacking?
Crucial patient records, such as diagnosis, tests results or doctor’s notes, were not stolen. None of the stolen data have been published in the public domain either.
There has also been no evidence of a similar breach in the other public healthcare and Government IT systems.
6) What’s next?
In addition to police investigations, a Committee of Inquiry will be set up to establish the events and contributing factors leading to the attack and the response to the incident. The committee will also make recommendations on improvements.
Authorities will also conduct a “thorough review” of the public healthcare system with the help of third-party experts to improve cyberattack prevention, detection and response.
Outside healthcare, the CSA will work closely with key sectors such as banking and finance to improve the security of their Critical Information Infrastructure systems.
7) Who’s responsible for the attack?
Channel NewsAsia understands that authorities know who might be behind the attack. There are only a few countries in the world who have shown this level of sophistication when it comes to cyberattacks.
When pressed further, Mr Koh apologised, saying: “We are not able to reveal more because of operational security reasons.”