SingHealth which is the largest healthcare group in Singapore was hacked and personal information of 1.5 million patients who visited the SingHealth clinics between May 2015 and July 2018 was stolen. SingHealth has 2 tertiary hospitals, 5 national specialty and eight polyclinics.
As per the advisory released by Singapore’s Ministry of Health (MOH), besides personal data the attackers have also stolen the information on the outpatient dispensed medicines of around 160,000 patients which includes the Prime Minister of Singapore Mr.Lee Hsien Loong, and some of the ministers as well.
The stolen data consists of the patient’s name, address, gender, race, date of birth, and National Registration Identity Card (NRIC) numbers.
The Ministry of Health reported that the hackers have specifically and repeatedly targeted the PM’s personal particulars and information on his outpatient dispensed medicine.
The details regarding the attackers behind this breach are not found yet, but MOH reports that the data breach was not the usual work of uninhibited hackers or criminal gangs. The local media presumes that the attack may be done by some state-sponsored hackers.
Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IHiS) also claim that it was a deliberate, targeted, and well-planned cyber-attack.
PM Comments On SingHealth Healthcare Data Breach
Singapore’s Prime Minister has commented on a Facebook post regarding the cyber attack that he trusts that the attackers are highly skilled and determined and they have large resources to conduct such cyber attacks repeatedly.
The Singapore government guarantees their citizens that their medical records were not altered or deleted and that the diagnoses, test results, or doctors’ notes were not stolen in the attack. The affected patients will be contacted by the healthcare institution within five days.
The healthcare sector is part of the nation’s infrastructure just like water, electricity, and transport and so this has become an engaging target for the malicious actors.
Numerous hacks and data breaches in the healthcare field were reported in the past few years. It was recently revealed that the DNA registries of more than 92 million MyHeritage customers were stolen in the previous year by some unknown hackers.
Similarly it was reported that more than half of Norway’s population exposed its healthcare data in a massive data breach that targeted the country’s major healthcare organization.
One of the most important thing to do in order to protect from any data breach is to stay vigilant, as you are not aware when or where your stolen identities will be used.