The Ministry of Health (MoH) and the Ministry of Communications and Information (MCI) had issued a joint statement regarding the major cyber-attack that had compromised some 1.5 million Singhealth patient records. The cyber-attack, according to the Cyber Security Agency of Singapore (CSA), had been well-orchestrated and could not have been performed by regular hackers to cause such a major breach of most of Singapore’s healthcare information, including that of Prime Minister Lee Hsien Loong’s.
The database of over 1.5 million patients who have visited Singhealth’s specialist outpatient clinics and polyclinics between May 1 2015 and July 4 2018 had their non-medical personal information which include their name, address, gender, NRIC number, race and date of birth, as well as information on outpatient dispensed medications of around 160,000 of these patients, illegally accessed and copied according to an investigation done by the CSA.
Over 1.5 million SingHealth Patients’ Record Breached by Major Cyber-Attack, MOH and MCI Release Joint Statement
According to the investigation done by the Cyber Security Agency (CSA) of Singapore together with the Integrated Health Information System (IHiS), the breach had been a well-organized, targeted effort of an attack, which could not have been possibly launched by regular hackers or criminal gangs.
The CSA and IHiS had revealed that the attack had repeatedly targeted Prime Minister Lee’s personal particulars and medical information particularly his outpatient dispensed medications.
The MOH had ordered the IHiS to perform a thorough investigation and review of Singapore’s public healthcare system in coordination with third-party industry experts to improve overall cyber threat prevention, detection, and response measures. The IHiS will particularly look into the system’s cyber security policies, threat management protocols, IT systems management, as well as organizational and staff support.
Issue-pertinent advisories have been disseminated to all involved healthcare institutions – both private and public, regarding the necessary and timely cyber security precautions and actions to be taken. The Singapore government, as it is heavily invested and involved in the country’s technological advancement and security management, seriously views and deals with any cyber threat, illegal data breach, or any activity that may compromise the confidentiality of data in the country as a whole.
In regard to this matter, the Minister-in-Charge of Cyber Security has been tasked to form a Committee of Inquiry that will perform an independent external review of the matter.