Singapore: Hackers steal 1.5m patients' health records
July 20, 2018
Singapore's government on Friday described the cyberattack on its public health system as "serious, unprecedented and massive."
A forensic probe launched by the city-state's Cyber Security Agency (CSA) found that hackers stole three years' worth of the personal data belonging to some 1.5 million people — including names, national identification numbers, addresses, genders, race and dates of birth.
Details of medicines prescribed to 160,000 of the 1.5 million affected patients were also stolen.
The investigation "indicates this is a deliberate, targeted, and well-planned cyberattack and not the work of casual hackers or criminal gangs," Singapore Health Minister Gan Kim Yong told a press conference.
According to authorities, hackers used a malware-infected computer to gain access to the database at some point between June 27 and July 4, before administrators spotted "unusual activity." However, officials insisted that records relating to patients' test results and diagnoses were not compromised.
Authorities also refused to comment on the identity of the hackers, citing "operational security."
Read more: Opinion: The new digital insecurity
Prime minister targeted
According to officials, hackers were specifically trying to access the health records of Singapore Prime Minister Lee Hsien Loong, a two-time cancer survivor.
"Attackers specifically and repeatedly targeted the personal particulars and outpatient information of Prime Minister Lee Hsien Loong," Gan told reporters.
Lee took to Facebook following news of the data breach, saying he was not sure what the attackers were hoping to find.
Read more: Cybersecurity: Why it's 'hard to protect yourself' online
"I don't know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me," Lee wrote. "My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it."
By Friday evening, the prime minister's medical data had not been made publicly available online.
The latest data breach is the largest to date on the wealthy, hyper-connected city-state. A separate cyberattack on the Defense Ministry in 2017 resulted in the theft of personal data belonging to around 850 national servicemen and employees.
dm/tj (Reuters, AP, AFP, dpa)
Each evening at 1830 UTC, DW's editors send out a selection of the day's hard news and quality feature journalism. You can sign up to receive it directly here.