1.5 Million Patient Records Hacked from Singapore's Largest Healthcare

1.5 Million Patient Records Hacked from Singapore’s Largest Healthcare

Reading Time: 2 minutes

Singapore’s Largest healthcare group – SingHealth – was the target of a massive data breach that enabled hackers to obtain personal information of over 1.5 Million patients who had used SingHealth’s services between May of 2015 and July of 2018.

SingHealth is the largest healthcare group in Singapore that services 2 hospitals, 5 national specialty locations and 8 polyclinics.

In statements released by Singapore’s Ministry of Health ( MOH ) and the Ministry of Communications and Information stated that a “well resourced, well-funded and highly sophisticated” nation-state actor is likely behind the unprecedented cyberattack on SingHealth’s database, which targeted Prime Minister Lee Hsien Loong’s personal and medical records, and made away with 1.5 million patients’.

According to this release, the Prime Minister, Lee Hsien Loong, was the target of repeated attacks that included the compromise of over 1.5 million patients. as well as “information on the outpatient dispensed medicines” of about 160,000 patients.

The data includes the standard personal information sets – patient’s name, address, gender, race, date of birth, and National Registration Identity Card (NRIC) numbers.

At this time no attribution has been made but the MOH stated that the targeted cyber attacks were “not the work of casual hackers or criminal gangs.” Local news have also been discussing that the attack may have been the work of state-sponsored hackers.

Investigations by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IHiS) also confirmed that “this was a deliberate, targeted, and well-planned cyberattack.”

The Singapore government has reassured the citizens and users of SingHealth that no medical data was tampered with, deleted or otherwise modified and that no diagnoses, test results or doctors notes were stolen.

All affected patients will be contacted by the healthcare institution over the next five days.

With the recent uptick in attacks on health care organizations, we will be updating this article as more data is released

Leave a Reply

Your email address will not be published. Required fields are marked *