1.5 million patients' data stolen in the biggest Singapore cyber attack

Prime Minister Lee Hsien Loong was also affected by the breach

Singapore suffers the biggest cyberattack in history: 1.5 million people affected

As called by Singaporean government, “the most serious breach of personal data” occurred last month from June 27 to July 4 and exposed 1.5 million patients', including Prime Minister Lee Hsien Loong's personal information. The attack targeted all major hospital networks and clinics, was deliberate and well planned, most likely executed by sophisticated hacker group and not novice cybercrooks. According to the statement, no attempt was made to delete or modify data in any way.

The personal data stolen included patients' name, address, date of birth, gender, race, and NRIC numbers. Additionally, prescription records of 160,000 people were also accessed, including the Prime Minister. According to the report, hackers deliberately targeted Lee Hsien Loong's outpatient dispensed medicines records.

It is yet unclear due to what reasons the Minister was targeted, but he was not the only one – among the affected ones was also Emeritus Senior Minister Goh Chok Tong. The Prime Minister expressed his concerns in a Facebook post^[1] on Fiday:

I don’t know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me. If so, they would have been disappointed. My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it.

The major cyber attack affected the personal information of people who used various hospital services over a three-year period, namely from May 2015 to July 2018, as stated by officials. The breach affected more than a quarter of Singapore's population.

Patients rushed to find out if whether or not they are affected by the data breach

Although some of the sensitive data were stolen, it did not contain financial information, phone numbers or other private medical records.

It is not surprising that such data leak made several thousand people quite worried, as they did not know if they are affected in the first place. According to ChannelNews Asia,^[2] over 700,000 SMS messages were sent to patients, informing them whether or not their personal records were compromised.

SingHealth^[3] (Singapore Health Services) reported that around 139,000 patients visited the Health Buddy app in order to find out if they were affected. Additionally, the institution also got 4,800 and 750 emails asking same questions.

Unfortunately, some of the elderly had troubles with accessing the app or did not have their telephone number registered. The government was quick to assure that everybody will receive a letter via the post, which will include all relevant information regarding the breach.

An attack was carried out by sophisticated criminals

While the breach is very new, the investigation by Singapore authorities is still on-going.

The unusual activity was first spotted on July 4, when IHIS database administrators noticed that somebody is tampering with servers. The staff actively tried to stop the attack, while carrying out several investigations in the background. They also took into account the situation and placed additional security measures during this critical time.

For the next five days, IT specialists were monitoring the suspicious activity and, when they realized it was a security breach, instantaneously informed the superiors. On the 10th of July, SingHealth, MOH and CSA were notified, and the forensic investigation began.

CSA informed that cybercriminals managed to breach the front-end machine and gained privileged access to specific databases. Hackers also managed to cleverly hide their footprints while performing the operation.

It was also reported that the attacks were ongoing since 4 of July, but no more data was breached. The ministries also said that that the health care services were not disrupted during or after the incident.

Cybersecurity researchers warn: centralized databases pose a serious risk

The incident in Singapore is a prime example of how centralized databases of sensitive information and digitized governmental services can pose a risk to personal data. It is not surprising, as it is not the first time healthcare organizations were affected: US health insurer Anthem Inc. lost data of 80 million users^[4] to hackers in 2015. The major cyber attack WannaCry^[5] also affected multiple hospitals around the world, including the UK's NHS service.

Singapore, just like many other countries, is heavily suffering from cyber threats and are actively trying to reduce the number of attacks, as well as investing and working with cybersecurity experts. The authorities are working on a more sophisticated technology that includes face recognition and fingerprints that would be used to regulate access.

Data protection is going to be one of the most critical tasks in the 21st century, as technologies are becoming more advanced, new measures need to be undertaken. The Singapore healthcare data breach proved that nobody is safe in a vast cybersecurity space.