SingHealth is target of a major cyberattack, 1.5 million patients’ data accessed


SingHealth’s database containing patient personal particulars and outpatient dispensed medicines has been the target of a major cyber attack. 

The Minister-in-Charge of Cyber Security will establish a Committee of Inquiry to conduct an independent external review of this incident

Screen Shot 2018-07-18 at 6.38.53 PM

About 1.5 million patients who visited SingHealth’s specialist outpatient clinics and polyclinics from 1 May 2015 to 4 July 2018 have had their non-medical, demographic data such as personal particulars – name, NRIC number, address, gender, race, and date of birth, illegally accessed and copied.

Information on the outpatient dispensed medicines of about 160,000 of these patients was also exfiltrated. None of the records have been tampered with i.e. no records were amended or deleted. Specifically, no other patient records, such as diagnosis, test results or doctors’ notes, were breached.

The attackers also specifically and repeatedly targeted Singapore Prime Minister Lee Hsien Loong’s personal particulars and information on his outpatient dispensed medicines.

“We have not found evidence of a similar breach in the other public healthcare IT systems,”  said a joint press release by MCI and MOH.

Who is responsible?

Investigations by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IHiS) confirmed that this was a deliberate, targeted and well-planned cyberattack. It was not the work of casual hackers or criminal gangs.

When asked to comment in the press conference on which country might have been possibly involved, CSA Chief David Koh said. ” I apologize. We are not able to reveal more because of operational security reasons.”

What happened?

On 4 July 2018, IHiS’ database administrators detected unusual activity on one of SingHealth’s IT databases and acted on it immediately to halt the activity. IHiS investigated the incident to ascertain the nature of the activity, while putting in place additional cybersecurity precautions.

On 10 July 2018, investigations confirmed that it was a cyberattack, and the Ministry of Health (MOH), SingHealth and CSA were informed. It was established that data was exfiltrated from 27 June 2018 to 4 July 2018 following which SingHealth lodged a police report on 12 Jul 2018.

CSA has ascertained that the cyber attackers accessed the SingHealth IT system through an initial breach on a particular front-end workstation. They subsequently managed to obtain privileged account credentials to gain privileged access to the database.

 No further illegal exfiltration has been detected since 4 July 2018. All patient records in SingHealth’s IT system remain intact. There has been no disruption of healthcare services during the period of the cyberattack, and patient care has not been compromised.

What next? 

From today, SingHealth will be progressively contacting all patients who visited its specialist outpatient clinics and polyclinics from 1 May 2015 to 4 July 2018, to notify them if their data had been illegally exfiltrated. All the patients, whether or not their data were compromised, will receive an SMS notification over the next five days. Patients can also access the Health Buddy mobile app or SingHealth website to check if they are affected by this incident.

Health Minister Gan Kim Yong commented at the press conference, “This is a very serious, unprecedented, massive cyberattack on our healthcare cluster, SingHealth. I want to take this opportunity to once again, apologize to all patients who are affected by this and our priority now is to first reach out to these patients and engage them, explain to them and let them know the status of their information.

Secondly, our focus would be on continuously strengthening the system and look at how we can enhance our cybersecurity. We cannot assume that the threat has disappeared. We must continue to be vigilant and monitor our internet activities so that we can detect them early if there is indeed further intrusions. So we must not let our guards down. Next, we will continue to work with our healthcare clusters and CSI to support the work of the COI.”

Strengthening the security

MOH has directed IHiS to conduct a thorough review of the public healthcare system, with support from third-party experts, to improve cyber threat prevention, detection and response.

Areas of review will include cybersecurity policies, threat management processes, IT system controls and organisational and staff capabilities. Advisories have been sent to all healthcare institutions, public and private, on the cybersecurity precautions and measures to be taken.

For a country that is gearing up to empower its citizens by harnessing the power of technology through its Smart Nation initiative, this is a setback indeed.

Emeritus Senior Minister Goh Chok Tong, in a Facebook post commented “Cyber theft is a key risk when going digital. But we cannot stop the digital advance and must strive to build the most secure Smart Nation.”

Source: MCI press release