Hackers have breached the Singapore government’s health database with a “deliberate, targeted and well-planned” cyberattack, accessing the data of about 1.5 million patients, including Prime Minister Lee Hsien Loong, for almost a week.

The cybercriminals initially breached a front-end workstation to gain privileged account credentials to obtain privileged access into the database. Officials said they detected unusual activity on July 4, but the hack began on June 27.

The investigation found the hackers didn’t tamper with the records, rather they exfiltrated the data. Officials said the attack was well-planned and wasn’t the work of “casual hackers or criminal gangs.”

According to the official statement, hackers targeted clinical visits between May 1, 2015 and July 4, 2018. All patients who visited SingHealth’s outpatient clinics and polyclinics during that time period were included in the breach. Patient care was not disrupted during the attack.

The stolen data contained demographic information and patient identification numbers. Medical information like diagnoses and test results weren’t included. However, for 160,000 patients, including the prime minister, the hackers stole data on outpatient-dispensed medications.

Upon discovery, officials said they immediately worked to stop further unauthorised access and notified authorities to investigate. During that time, the hackers continued their attempts to access the system. But all suspicious activity ended on July 4.

Since the attack, the health system has tightened up its security measures, which included temporarily “imposing internet surfing separation.” Officials said they’ve also increased controls on workstations and servers, reset user and systems accounts, and installed additional system monitoring controls.

“Similar measures are being put in place for IT systems across the public healthcare sector against this threat,” officials said. 

“The Ministry of Health has directed [the health system] to conduct a thorough review of our public healthcare system, with support from third-party experts, to improve cyber threat prevention, detection and response.”

“Areas of review will include cybersecurity policies, threat management processes, IT system controls, and organisational and staff capabilities,” officials said. 

“Advisories have been sent to all healthcare institutions, public and private, on the cybersecurity precautions and measures to be taken.”

The government’s minister in charge of cybersecurity will be establishing an inquiry committee to externally review the cyberattack. 

[Read more: Privacy Commissioner to release delayed data breach report next week but My Health Record adopts a different definition | Technical chaos and privacy backlash as My Health Record opt out period begins]

The Singapore attack serves as a reminder that countries and government health services continue to be targeted by hackers.

The news comes as the Australian government faces questions over the security of its My Health Record, which was also built by Accenture, since the opt out period began on Monday. Australians have until October 15 to opt out of the national health database or a My Health Record will be created for them by the end of the year. About 6 million currently have a My Health Record.

A disastrous start to the opt out period this week saw tech meltdowns and the discovery by many people that My Health Records had already been created for them without their consent. There were also numerous claims of incorrect information in records, including wrong data relating to doctors’ appointments and medications.

In the US, the state of Atlanta's government systems went down for several days after a targeted cyberattack, while Germany’s network was attacked by hackers who targeted the private network of the interior minister.

This year, the US and UK found the Russian government was behind the global Petya attack in June 2017. The wiper malware destroyed the IT systems of several major companies like FedEx and Merck, and several US health systems that had to replace entire networks to recover.

A version of this story was originally published on the US edition of Healthcare IT News.

To share tips, news or announcements, contact the HITNA editor on lynne.minion@himssmedia.com




White papers