Singapore Hack Affects 1.5 Million â" Including Prime Minister
Hackers targeted the medical records of Singapore Prime Minister Lee Hsien Loong, in a widespread cyber attack.
(CNN) â" The largest healthcare provider in Singapore, SingHealth, has suffered a massive data breach affecting a huge portion of the city-stateâs population, including Prime Minister Lee Hsien Loong, the Singapore Ministry of Health announced Friday.
Some 1.5 million people who visited specialist outpatient clinics and polyclinics run by the company over a three-year period were affected, authorities said. Singapore is home to 5.6 million people, according to the latest population estimates.
âThe security and confidentiality of patient information is a top priority,â Prime Minister Lee said Friday in a Facebook post responding to the hack.
âWe are convenin g a Committee of Inquiry to look thoroughly into this incident. It will doubtless have valuable conclusions and recommendations, which will help us do better,â he said.
Attackers were able to infiltrate SingHealthâs system, and illegally access and copy what the company called the ânon-medical personal particularsâ of people who visited the clinics from May 2015 until July 4 this year. That includes names, addresses, dates of birth and identity card information.
The outpatient medication data of some 160,000 patients was also compromised, including Lee, who said he was specifically targeted.
âI donât know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me. If so, they would have been disappointed,â he said.
Singaporeâs Health Ministry said that hackers did not access any diagnoses, test results or doctorsâ notes. In a separate Facebook post, the company said the attackers were not able to obtain any patient phone numbers or financial information.
A police investigation is continuing.
Authorities first noticed unusual activity in one of SingHealthâs IT databases on July 4, according to the Health Ministryâs news release. It was confirmed to be a cyberattack six days later. The attackers were found to have breached a front-end workstation to obtain privileged credentials.
âThis was a deliberate, targeted and well-planned cyberattack. It was not the work of casual hackers or criminal gangs,â the Health Ministry said.
The company provided a website so customers can check if they were among those affected and is contacting all patients.
Eric Hoh, a top executive at the cybersecurity firm FireEye, said he believes this incident should serve as a wake-up call to some of Singaporeâs neighbors.
âMany businesses and governments in Southeast Asia face cyber threats, but few recognize the scale of the risks they pose. Singapore ranks among the leaders in cybersecurity, and we would like to see more governments follow their lead in disclosing breaches,â he said in a statement.
âThere are no quick fixes to the cybersecurity challenge, and breaches are inevitable. Itâs important that business and governments work together to improve our collective security so that when breaches do occur, we can minimize the consequences.â
â¢ & Â© 2018 Cable News Network, Inc., a Time Warner Company. All rights reserved.