Singapore has reported a major cyberattack on the government health database. Hackers - who are allegedly state-sponsored - stole personal information of about 1.5 million people, including Singaporean Prime Minister Lee Hsien Loong. The government has called the cyberattack "the most serious breach of personal data" that Singapore has experienced.
"Investigations by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IHiS) confirmed that this was a deliberate, targeted and well-planned cyberattack," a government statement said.
“It was not the work of casual hackers or criminal gangs."
The data breach exposes nearly 1.5 million people who may have visited hospitals between May 2015 and July 4, 2018. The attackers stole database that included patient names, gender, date of birth, and their addresses. Medical records, such as diagnoses, test results, or doctors’ notes, aren't at risk. The statement added that "information on the outpatient dispensed medicines of about 160,000 of these patients" was also taken.
According to a preliminary investigation, hackers had breached MOH's systems last month and had this access from June 27 to July 4 when officials discovered the breach.
Singapore's Prime Minister seems to have been the target
Today's statement discloses that hackers stole non-medical personal data of Singaporeans. However, this "well-planned" attack appears to have been targeted at the country's Prime Minister and other ministers who haven't been named.
"The attackers specifically and repeatedly targeted Prime Minister Lee Hsien Loong’s personal particulars and information on his outpatient dispensed medicines," the statement reads.
Lee is a cancer survivor. In a Facebook post, he wrote that attackers were probably looking for some dark secrets in an attempt to embarrass him.
I don’t know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me. If so, they would have been disappointed. My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it.
The government hasn't revealed any details about the people or groups who may be behind this cyberattack on the digitalized state. The country has been applauded for its quick response and public disclosure. Singapore has assured everyone that no data was tampered with, amended or deleted. However, with countries going digital, there is always a threat of these attacks no matter how strong the security protections may be.