Hackers have successfully accessed to a health database of the Singapore government (SingHealth), letting them view the health files of 1.5 million people, including the health files of Prime Minister Lee Hsien Loong.
Access to the database was obtained via a front-end workstation which provided the attackers with favored access to the database. The data breach was found on July 4, 2018 when doubtful activity connecting to the database was known, even though an inquiry into the data breach disclosed access was first gained a week earlier on June 27. Between June 27 and July 4. Some of the information in the databank was copied and downloaded by the attackers.
A statement concerning the breach was released by the Singapore Ministry of Health confirming that roughly 1.5 million people were impacted by the breach. Those people had visited outpatient clinics and polyclinics in Singapore between May 1, 2016 and July 4, 2018.
Had the attack not been stopped on July 4, additional data might have been exfiltrated. Efforts to access the SingHealth database continued after access had been stopped. The breach was restricted to one SingHealth database. No other public healthcare IT system was undermined.
The information that was exfiltrated was restricted to names, dates of birth, addresses, NRIC numbers, and details of the sex and race of each patient. Details of the medicines that were dispensed to 160,000 patients at outpatient clinics were also copied by the attackers.
As per the Cyber Security Agency of Singapore (CSA), this was “an intentional, aimed and well-planned cyberattack. It was not the work of careless hackers or illegal gangs.” Further, this cyberattack involved recurrent attempts to gain access to Prime Minister Lee Hsien Loong’s private health data and details of his outpatient medicines.
The Singapore Ministry of Health has ordered the Integrated Health Information System (IHIS) to carry out a detailed analysis of the public healthcare system including plans, threat management procedures, IT control systems, and staff abilities. Third-party cybersecurity specialists are helping IHIS and cyber threat protection actions are being improved to avoid more attempts to gain access to patient data. Extra controls are also being applied to make sure that any more breach is swiftly found and alleviated.