Hackers steal 1.5 million people's personal data in cyber attack on Singapore's health service

More than a quarter of city state's population illegally copied by hackers 'looking for embarrassing information about prime minister'

Chris Baynes
Friday 20 July 2018 12:43 BST
Data on more than a quarter of Singapore's population was stolen in a major cyber attack
Data on more than a quarter of Singapore's population was stolen in a major cyber attack (EPA)

Hackers have stolen personal information about 1.5 million people in a major cyber attack on the Singapore government’s health database.

More than a quarter of the city state’s population was affected by the “deliberate, targeted and well-planned” attack, in which data on patients who visited clinics between May 2015 and 4 July this year was illegally accessed and copied.

“It was not the work of casual hackers or criminal gangs,” the government said, adding those responsible had been looking to obtain personal details about the prime minister and the medicines he had been proscribed.

“The attackers specifically and repeatedly targeted Prime Minister Lee Hsien Loon’s personal particulars and information on his outpatient dispensed medicines,” said a joint statement by the Health Ministry and the Ministry of Communications and Information.

In a statement on his Facebook page, Mr Lee said: “I don’t know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me.

“If so, they would have been disappointed. My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it.”

The prime minister was among 160,000 victims of the hack whose outpatient medication data was compromised.

Others had their name, national ID card number, address, gender, race and date of birth stolen.

The government called attack “the most serious breach of personal data” in Singapore’s history.

It said database administrators had detected "unusual activity on one of SingHealth’s IT databases" on 4 July and "investigated the incident to ascertain the nature of the activity, while putting in place additional cybersecurity precautions".

“Investigations by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IHiS) confirmed that this was a deliberate, targeted and well-planned cyberattack,” the statement added.

Patient care was not affected, said the government, which has passed information of the hack to police.

A Committee of Inquiry will be established and immediate action will be taken to strengthen government systems against cyber attacks, the Ministry of Communications said in a separate statement.

It offered no suggestion as to who may have been behind the attack.

It comes after the highly digitalised state made cyber security a top priority for the 10-member Association of Southeast Asian Nations (ASEAN) group, which it is chairing this year.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in