Online attackers have breached Singapore's largest health care database and have stolen personal records belonging to about 1.5 million people, in a haul that included a list of the prime minister's medications, officials said Friday.
Forensic analysis by Singapore's Cyber Security Agency "indicates this is a deliberate, targeted, and well-planned cyberattack and not the work of casual hackers or criminal gangs", he added.
"The security and confidentiality of patient information is a top priority", Prime Minister Lee said Friday in a Facebook post responding to the hack.
"The attackers subsequently managed to obtain privileged account credentials to gain privileged access to the database", the ministry said.
The attack on SingHealth data involved people who visited outpatient clinics from May 2015 to July 4, when the cyber attack occurred. This information is typical personal identifiable information (PII) such as names, date of birth, gender, addresses, and race.
Patients' medical records, including past diagnoses, doctors' notes and health scans, were not affected. It was established that data was exfiltrated from 27 June 2018 to 4 July 2018.
A former judge is to head an inquiry into the incident.
Six days later, on July 10, the investigators confirmed that SingHealth's systems had come under a cyberattack, and informed the relevant parties.More news: Hundreds of White Helmet volunteers evacuated from Syria
More news: PM's pre-election shuffle eyes border, trade and bruising provincial relations
More news: Sen. Jeff Flake Delivers Rebuke Of Trump-Putin Summit
Of course, I also knew that the database would be attacked, and there was a risk that one day despite our best efforts it might be compromised.
The statement added there are no evidence of a similar breach in the other public healthcare IT systems. Gan said, "We are deeply sorry this has happened". These include temporarily imposing internet surfing separation.
Last month, Singapore's Cyber Security Agency (CSA) released a report which warned that cyber threats within the country had shown no signs of abating, mirroring the global cyber landscape where threats continued to grow in frequency and impact, including a shift from profit-motivated attacks to more massive disruptions.
As it could contain any amount and level of information, healthcare institutions are among the most sought-after industries by criminals who can be motivated by a multitude of possible reasons. The incident itself reinforces Singapore's longstanding worries about how cyberattacks could target important infrastructure and services such as healthcare.
SingHealth would be contacting the patients who had visited its specialist outpatient clinics and polyclinics during the period of hack to notify them of the breach.
Meanwhile, the SingHealth have chose to contact the affected patients to inform them about their stolen data.
Today's statement discloses that hackers stole non-medical personal data of Singaporeans.