Personal info of 1.5m SingHealth patients, including PM Lee, stolen in S'pore's most serious cyber attack

Hackers have stolen the personal particulars of 1.5 million patients in Singapore's worst cyber attack.

This includes outpatient prescriptions of 160,000 people, including that of Prime Minister Lee Hsien Loong and a few ministers.

PM Lee said in a Facebook post regarding the cyber attack that the attackers targeted his own medication data "specifically and repeatedly".

"I don't know what the attackers were hoping to find," he wrote.

"Perhaps they were hunting for some dark state secret, or at least something to embarrass me. If so, they would have been disappointed.

"My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it."

In a joint press release by Ministry of Communications and Information (MCI) and Ministry of Health (MOH), it was revealed that the 1.5 million patients affected had visited SingHealth's specialist outpatient clinics and polyclinics from May 1, 2015 to July 4, 2018.

The data taken include name, NRIC number, address, gender, race and date of birth.

The records were not tampered with and no other patient records including diagnosis, test results or doctors' notes were breached.

There was no evidence of a similar breach in other public healthcare IT systems.

"Investigations by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IHiS) confirmed that this was a deliberate, targeted and well-planned cyberattack," said the statement.

"It was not the work of casual hackers or criminal gangs."

In a multi-ministry press conference on Friday (July 20), Health Minister Gan Kim Yong and Minister for Communications and Information S. Iswaran Both described the leak as the most serious, unprecedented breach of personal data in Singapore, reports The Straits Times.

Mr Gan apologised to the affected patients, saying: “We are deeply sorry this has happened.”

Unusual activity on one of SingHealth's IT databases was first detected on July 4. Immediate action was taken to halt the activity and MOH, SingHealth and CSA were informed once investigations confirmed that it was a cyber attack.

SingHealth lodged a police report on July 12 and police investigations are ongoing.

No further data has been stolen since July 4 and all patient records in SingHealth's IT system remain intact and there has been no disruption of healthcare services.

SingHealth will be progressively contacting all patients who visited its specialist outpatient clinics and polyclinics from May 1, 2015 to July 4, 2018 to notify them if their data had been illegally exfiltrated.

An SMS notification will be sent out to all the patients over the next five days. Patients can also access the Health Buddy mobile app or SingHealth website to check if they are affected by this incident.

PM Lee said that he has ordered the CSA and the Smart Nation and Digital Government Group (SNDGG) to work together with the MOH to "tighten up their defences and processes across the board.

"We are convening a Committee of Inquiry to look thoroughly into this incident," he said.

MOH has directed a thorough review of the public healthcare system to improve cybersecurity and all public and private healthcare institutions have been advised to take cybersecurity precautions.

"We cannot go back to paper records and files. We have to go forward, to build a secure and smart nation," said PM Lee.