Medical data of 1.5 million Singaporeans, including PM, stolen

Hackers have stolen the medical information of 1.5 million Singaporeans, including that of Prime Minister Lee Hsien Loong, according to health officials. 

Singapore’s Ministry of Health said on Friday that patients who visited the specialist outpatient clinics and polyclinics of SingHealth – the country’s largest group of healthcare providers – from May 1, 2015, to July 4, 2018, “have had their non-medical personal particulars illegally accessed and copied”. 

“The attackers specifically and repeatedly targeted Prime Minister Lee Hsien Loong’s personal particulars,” the ministry added in a statement.

The breach took place between 27 June and 4 July, the day the hack was noticed by a security team, which immediately took action to prevent any further access for the hackers.

The data stolen from SingHealth’s database consists of names, addresses, gender, national registration number, race and date of birth.

According to the ministry, no medical records were accessed.

“No other patient records, such as diagnosis, test results or doctors’ notes, were breached,” the statement said.

After the hack was detected, the Cyber Security Agency of Singapore (CSA), Ministry of Health and SingHealth were informed.

The CSA and the Integrated Health Information System (IHiS) will start investigations into the hack, while SingHealth will get in touch with people who had their data stolen.

The ministry said the hack was planned well and executed by professionals.

“It was not the work of casual hackers or criminal gangs,” the ministry said.

“The Minister-in-Charge of Cyber Security will establish a Committee of Inquiry to conduct an independent external review of this incident,” the statement concluded.

As a result of the hack, IHiS has been instructed to conduct a thorough review of the public healthcare system in an attempt to prevent future hacks from taking place.