SingHealth, the largest healthcare group in Singapore has suffered a massive breach exposing personal information of 1.5 million patients.
The breach exposed personal data of patients who visited SingHealth clinics between May 1, 2015, to July 4 this year which includes Singapore’s Prime Minister Lee Hsien Loong and few other ministers.
According to the Joint press release by MCI (Ministry of Communication and MOH (Ministry of Health) data exposed includes name, NRIC number, address, gender, race, and date of birth.
Attackers also stole Information on the outpatient dispensed medicines of about 160,000.
The breach was first spotted by IHiS (Integrated Health Information System) database administrators who detected unusual activity in one of the SingHealth IT databases on July 4th.
According to MOH, the breach took place between June 27, 2018, and July 4, 2018.
“About 1.5 million patients who visited SingHealth’s specialist outpatient clinics and polyclinics from 1 May 2015 to 4 July 2018 have had their non-medical personal particulars illegally accessed and copied. The data taken include name, NRIC number, address, gender, race and date of birth. Information on the outpatient dispensed medicines of about 160,000 of these patients was also exfiltrated.”
The hackers specifically and repeatedly targeted Prime Minister Lee Hsien Loong’s personal particulars and information on his outpatient dispensed medicines.
Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IHiS) has confirmed that it was well planned and targeted attack.
Singapore Prime minister responded to the attack in a Facebook post that “ I don’t know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret or at least something to embarrass me. If so, they would have been disappointed. My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it.”
Singapore government said they are working with cybersecurity experts and law enforcement authorities to investigate the breach and assured that no medical records were stolen.
All the patients will receive an SMS notification from SingHealth on whether their data were compromised or not over the next five days or patients check it by visiting SingHealth website or health buddy mobile app.