Personal health data of 1.5 million Singaporeans, PM hacked

Singapore,   The personal health data of 1.5 million people, almost a quarter of the population, including the details of the city-state’s Prime Minister Lee Hsien Loong, have been hacked, a Health Ministry statement said on Friday.

The data of Lee, including information on his outpatient dispensed medicines, was “specifically and repeatedly targeted”. He has survived cancer twice.

The hackers broke into the government health database in a “deliberate, targeted and well-planned” attack, according to the government statement cited by the BBC. The hack compromised patients’ names, identity card (NRIC) number, address, gender, race and dates of birth.

Those targeted visited clinics between May 1, 2015 and July 4 this year.

“Information on the outpatient dispensed medicines of about 160,000 of these patients was also exfiltrated. The records were not tampered with, i.e. no records were amended or deleted. No other patient records, such as diagnosis, test results or doctors’ notes, were breached,” the statement said.

It appeared that a computer belonging to SingHealth, one of the state’s two major government healthcare groups, was infected with malware through which the hackers gained access to the database. They struck some time between June 27 and July 4, according to the government.

Following the hack, SingHealth has temporarily banned staff from accessing the Internet on all 28,000 of its work computers, according to the Straits Times.

The move was aimed at plugging leaks from work e-mails and shared documents as well as guarding against possible cyber-attacks. Other public healthcare institutions were expected to do the same.

SingHealth would be contacting the patients who had visited its specialist outpatient clinics and polyclinics during the period of hack to notify them of the breach.

The Health Ministry also ordered a review of the public healthcare system, to improve cyber threat prevention, detection and response.

“The government takes a serious view of any cyber attack, illegal access of data or action that compromises the confidentiality of data in Singapore,” the statement said, adding that an inquiry committee would be conducting an external probe of the breach.