Singapore Healthcare System Hacked
Singapore Healthcare System, SingHealth, was hacked. The personal data of 1.5 million patients was stolen. The Singapore hack did not involve medical data. The hackers obtained personal information such as names, identity card numbers, addresses, gender, race, and birthdates. The hack occurred between was stolen between 27 June and 4 July 2018. All patients’ affected by the hack had visited a SingHealth clinic or hospital during that timeframe. The hacked records included the personal data of Singapore’s Prime Minister, Lee Hsien Loong.
The identity numbers are used by Singapore citizens to access government services. In addition to the personal data, the hackers also accessed the prescription medications names of about 160,000 patients who were dispensed meds as outpatients. This number includes the Prime Minister. The 160,000 outpatients were part of the original 1.5 million affected.
In Facebook, Prime Minister, Lee Hsien Loong stated, “I don’t know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me. If so, they would have been disappointed. My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it.”
The Prime Minister also that the Cyber Security Agency of Singapore – CSA and the Smart Nation and Digital Government Group to work together with the Ministry of Health, Singapore to secure citizen’s data and to increase their cyber security defenses.
Hackers gained access and launched the cyber attack by hacking a front-end workstation. Privileged login credentials were secured from the device and used to gain further access which allowed hackers to inject malware to infiltrate the system.
SingHealth posted a notification on their Facebook page. [Figure 1]
What is SingHealth?
SingHealth is Singapore’s largest healthcare group. SingHealth has two tertiary hospitals, five national specialty hospitals, and eight polyclinics.
SingHealth patients can check to see if they are involved in the cyber attack. The official website is https://datacheck.singhealth.com.sg/
Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers
