CFA Society Singapore
SINGAPORE (July 20): Hackers have infiltrated Singapore's government health database in the country's worst breach of personal data, stealing records on 1.5 million patients including the prime minister's own personal drug prescriptions, the government said on Friday.
Government officials did not say who might have been behind the attack, but a joint statement by the health and communications ministries suggested a high degree of sophistication.
"Investigations by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IHiS) confirmed that this was a deliberate, targeted and well-planned cyberattack," the statement said.
“It was not the work of casual hackers or criminal gangs."
The hackers stole personal details and prescription records of patients who visited Singapore's outpatient clinics between May 1, 2015 and July 4 of this year, the statement said.
"The attackers specifically and repeatedly targeted Prime Minister Lee Hsien Loong’s personal particulars and information on his outpatient dispensed medicines," the statement said.
Prime Minister Lee said in a Facebook post that he did not know what information the attackers were hoping to find.
“My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it," he said.
Major cyber attacks have been rare in Singapore, which has invested heavily in cyber security over the past decade. The attack comes as the highly wired and digitalised state has made cyber security a top priority both at home and for its neighbours in the Asean regional bloc.
A Health Ministry official, who asked not to be named, said there may be "some inconvenience" as a result of the hack but the full extent of the impact was not immediately clear.
State-actors were likely behind Singapore's biggest ever cyberattack to date, security experts told AFP, citing the scale and sophistication of the hack which hit medical data of about a quarter of the population.
While officials refused to comment on the identity of the hackers citing "operational security", experts told AFP that the complexity of the attack and its focus on high-profile targets like the prime minister pointed to the hand of a state-actor.
"A cyber espionage threat actor could leverage disclosure of sensitive health information... to coerce an individual in (a) position of interest to conduct espionage" on its behalf, said Eric Hoh, Asia-Pacific president of cybersecurity firm FireEye.
Hoh told national broadcaster Channel NewsAsia that the attack was an "advanced persistent threat".
"The nature of such attacks are that they are conducted by nation states using very advanced tools," he said.
"They tend to be well resourced, well-funded and highly sophisticated."
Cyber attacks on healthcare systems have surged in recent years around the globe because medical records can provide information valuable both to government spy agencies and criminal hackers looking to profit from identity theft.
"Medical data contains a trove of information – from personally identifiable data to financial details – that can be used to create a highly sought-after composite of an individual," cyber security firm RSA's Asia Pacific advisor Leonard Kleinman said.
"As it could contain any amount and level of information, healthcare institutions are among the most sought-after industries by criminals who can be motivated by a multitude of possible reasons," he said.
Singapore will set up a commission of inquiry to look into the hack and immediately move to strengthen government defences against cyber attacks, the Ministry of Communications said in a separate statement.
Patients can use this link and SingPass login to check if they are affected by the breach.