Hackers have successfully gained access to a health database of the Singapore government (SingHealth), allowing them to view the health records of 1.5 million individuals, including the health records of Prime Minister Lee Hsien Loong.
Access to the database was gained through a front-end workstation which provided the attackers with privileged access to the database. The data breach was detected on July 4, 2018, when suspicious activity relating to the database was identified, although an investigation into the data breach revealed access was first gained a week previously on June 27. Between June 27 and July 4, some of the information in the database was copied and downloaded by the attackers.
A statement about the breach was issued by the Singapore Ministry of Health confirming that approximately 1.5 million individuals were impacted by the breach. Those individuals had visited outpatient clinics and polyclinics in Singapore between May 1, 2016 and July 4, 2018.
Had the attack not been thwarted on July 4, further data may have been exfiltrated. Attempts to access the SingHealth database continued after access had been blocked. The breach was limited to one SingHealth database. No other public healthcare IT system was compromised.
The information that was exfiltrated was limited to names, NRIC numbers, addresses, dates of birth, and details of the gender and race of each patient. Details of the medications that were dispensed to 160,000 patients at outpatient clinics were also downloaded by the attackers.
According to the Cyber Security Agency of Singapore (CSA), this was “a deliberate, targeted and well-planned cyberattack. It was not the work of casual hackers or criminal gangs.” Further, this cyberattack involved repeated attempts to gain access to Prime Minister Lee Hsien Loong’s personal health data and details of his outpatient medications.
The Singapore Ministry of Health has directed the Integrated Health Information System (IHiS) to conduct a thorough review of the public healthcare system, including policies, threat management processes, IT control systems, and staff capabilities. Third-party cybersecurity experts are assisting IHiS, and cyber threat protection measures are being augmented to prevent further attempts to gain access to patient data. Additional controls are also being implemented to ensure that any further breach is rapidly detected and mitigated.