On July 10 2018, investigations on a SingHealth cyberattack confirmed that the attack had indeed taken place.
The Ministry of Communications and Information (MCI), and Ministry of Health (MOH) say this "was not the work of casual hackers or criminal gangs " in a joint statement issued today (20 July). Furthermore, they called the attacks deliberate, targetted and well-planned.
It is also Singapore's most serious personal data breach to date, reports Channel NewsAsia.
SingHealth Cyberattack 2018: What Do We Know?
- 1.5 million patients had their non-medical records illegally accessed and copied in the attack. These details include name, NRIC, address and date of birth.
- Around 160,000 of these patients have also had their outpatient medicine records leaked.
- The technology agency for Singapore's public healthcare sector – the Integrated Health Informations System (IHis) – first noticed unusual activity on a SingHealth IT database on June 4 2018.
- Investigations reveal that the data breach occurred on June 27 to July 4 2018.
- "Specifically and repeatedly" targetted were Prime Minister Lee Hsien Loong’s personal and medical data and information.
- SingHealth lodged a police report on July 12.
www.facebook.com/leehsienloong/posts/1957979740931389
What What Will Happen Now?
If you or your family are among the 1.5 million people in Singapore who visited SingHealth's specialist outpatient clinics and polyclinics from May 1, 2015 to July 4, 2018, the following emergency measures will be implemented:
- Starting this evening (20 July 2018) and over the next five days, you will get a text message from SingHealth.
- This will let you know if your medicine records are part of the data breach.
- If you do not have a registered mobile number, you should get a letter within a week with the same information.
- Individuals with compromised records will get a hotline number to call.
“Patients can also access the Health Buddy mobile app or SingHealth website to check if they are affected by this incident,” the Ministry of Communications and Information (MCI) and Ministry of Health (MOH) said in a joint statement today.
Reports confirm that "no other patient records, such as diagnosis, tests results or doctor’s notes, were breached."
What Next?
CNA reports that Minister-in-charge of Cybersecurity S Iswarana will convene a Committee of Inquiry (COI). Also, retired Senior District Judge and Public Service Commission member Richard Magnus will reportedly chair the COI.
The Government meanwhile, has promised to take immediate measures to beef up its IT systems against future attacks.
In this light, "Mr Iswaran has directed the Cyber Security Agency of Singapore to work closely with key sectors – including the energy and banking and finance industries – to improve the security of their Critical Information Infrastructure systems," reports CNA.
Source: Channel NewsAsia